Cyber security analysis using vulnerability assessment and penetration testing

In last twenty years, use of internet applications, web hacking activities have exaggerated speedily. Organizations facing very significant challenges in securing their web applications from rising cyber threats, as compromise with the protection issues don't seem to be reasonable. Vulnerability Assessment and Penetration Testing (VAPT) techniques help them to go looking out security loopholes. These security loopholes could also be utilized by attackers to launch attacks on technical assets. Thus it is necessary ascertain these vulnerabilities and install security patches. VAPT helps organization to determine whether their security arrangements are working properly. This paper aims to elucidate overview and various techniques used in vulnerability assessment and penetration testing (VAPT). Also focuses on making cyber security awareness and its importance at various level of an organization for adoption of required up to date security measures by the organization to stay protected from various cyber-attacks.

[1]  Ajay Kumar,et al.  A Critical Review on Detecting Cross-Site Scripting Vulnerability , 2014 .

[2]  Jan-Min Chen,et al.  An automated vulnerability scanner for injection attack based on injection point , 2010, 2010 International Computer Symposium (ICS2010).

[3]  Tejinder Singh Detecting and Prevention Cross -Site Scripting Techniques , 2012 .

[4]  Anil Rao,et al.  A Critical Review on Detecting Cross-SiteScripting Vulnerability , 2014 .

[5]  S. Shah A Modern Approach to Cyber Security Analysis Using Vulnerability Assessment and Penetration Testing , 2013 .

[6]  John C. Mitchell,et al.  State of the Art: Automated Black-Box Web Application Vulnerability Testing , 2010, 2010 IEEE Symposium on Security and Privacy.

[7]  B. M. Mehtre,et al.  An automated approach to Vulnerability Assessment and Penetration Testing using Net-Nirikshak 1.0 , 2014, 2014 IEEE International Conference on Advanced Communications, Control and Computing Technologies.

[8]  S. Yadav,et al.  Survey : Secured Techniques for Vulnerability Assessment and Penetration Testing , 2014 .

[9]  Teh Faradilla Abdul Rahman,et al.  Detection model for SQL injection attack: An approach for preventing a web application from the SQL injection attack , 2014, 2014 IEEE Symposium on Computer Applications and Industrial Electronics (ISCAIE).

[10]  Christopher Krügel,et al.  Pixy: a static analysis tool for detecting Web application vulnerabilities , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[11]  Samik Basu,et al.  Detecting Cross-Site Scripting Vulnerability Using Concolic Testing , 2013, 2013 10th International Conference on Information Technology: New Generations.

[12]  Girdhari Singh,et al.  Static analysis approaches to detect SQL injection and cross site scripting vulnerabilities in web applications: A survey , 2014, International Conference on Recent Advances and Innovations in Engineering (ICRAIE-2014).

[13]  Eduardo Souto,et al.  ETSSDetector: A Tool to Automatically Detect Cross-Site Scripting Vulnerabilities , 2014, 2014 IEEE 13th International Symposium on Network Computing and Applications.

[14]  Al-Sakib Khan Pathan,et al.  Preventing persistent Cross-Site Scripting (XSS) attack by applying pattern filtering approach , 2014, The 5th International Conference on Information and Communication Technology for The Muslim World (ICT4M).

[15]  Michael D. Ernst,et al.  Automatic creation of SQL Injection and cross-site scripting attacks , 2009, 2009 IEEE 31st International Conference on Software Engineering.