Vulnerability assessment of web applications - a testing approach

机译：Web应用程序的漏洞评估-一种测试方法

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Cyber security is becoming an important aspect in every industry like in banking sector, power and automation sectors. Servers are critical assets in these industries where business critical sensitive data is stored. These servers often incorporates web servers in them through which any business data and operations are performed remotely. Hence, it is obvious that for a reliable operation, security of web servers is very imperative. This paper provides a new testing approach for vulnerability assessment of web applications by means of analyzing and using a combined set of tools to address a wide range of security issues. We demonstrate the vulnerability assessment tests of a web application by using combination of W3AF and Nikto tools. It shows how with a combination of tools, one can increase the vulnerability testing coverages for web applications, considering the OWASP Top 10 [1] based threat modelling of web applications.

机译：网络安全正在成为每个行业的重要方面，例如银行业，电力和自动化领域。在这些行业中，服务器是存储关键业务敏感数据的关键资产。这些服务器通常将Web服务器并入其中，通过该Web服务器可以远程执行任何业务数据和操作。因此，很明显，对于可靠的操作，Web服务器的安全性至关重要。本文通过分析和使用一组组合的工具来解决广泛的安全问题，为Web应用程序的漏洞评估提供了一种新的测试方法。我们结合使用W3AF和Nikto工具演示了Web应用程序的漏洞评估测试。它显示了考虑到基于OWASP Top 10 [1]的Web应用程序威胁建模，结合工具的一种方法可以如何增加Web应用程序的漏洞测试范围。

著录项

来源
《International Conference on e-Technologies and Networks for Development》|2015年|1-6|共6页
会议地点
作者
Vibhandik Robert; Bose Arijit Kumar;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
Internet; file servers; program testing; security of data; Nikto tools; OWASP Top 10 based threat modelling; W3AF; Web application vulnerability assessment; Web server security; cyber security; testing approach; vulnerability testing; Business; Decision support systems; Industries; Security; Testing; Web servers; AppScan; BurpSuite; OWASP; nikto; penetration testing security; security assessment tools; threat modelling; vulenrability assessment; w3af; web server;

机译：互联网;文件服务器;程序测试;数据安全性; Nikto工具;基于OWASP的十大威胁建模; W3AF; Web应用程序漏洞评估; Web服务器安全性;网络安全性;测试方法;漏洞测试;业务;决策支持系统;行业;安全性;测试; Web服务器; AppScan; BurpSuite; OWASP; nikto;渗透测试安全性;安全评估工具;威胁建模;漏洞评估; w3af; Web服务器;

相似文献

外文文献
中文文献
专利

1. Automatic Generation of Tests to Exploit XML Injection Vulnerabilities in Web Applications [J] . Jan Sadeeq, Panichella Annibale, Arcuri Andrea, IEEE Transactions on Software Engineering . 2019,第4期

机译：自动生成测试以利用Web应用程序中的XML注入漏洞
2. Correction to: Search-based multi-vulnerability testing of XML injections in web applications [J] . Jan Sadeeq, Panichella Annibale, Arcuri Andrea, Empirical Software Engineering . 2019,第6期

机译：更正为：Web应用程序中基于注入的基于搜索的XML注入的多漏洞测试
3. Search-based multi-vulnerability testing of XML injections in web applications [J] . Jan Sadeeq, Panichella Annibale, Arcuri Andrea, Empirical Software Engineering . 2019,第6期

机译：Web应用程序中基于注入的基于搜索的XML注入的多漏洞测试
4. Vulnerability assessment of web applications - a testing approach [C] . Vibhandik Robert, Bose Arijit Kumar International Conference on e-Technologies and Networks for Development . 2015

机译：Web应用程序的漏洞评估 - 测试方法
5. Automatic Unit Testing to Detect Security Vulnerabilities in Web Applications [D] . Mohammadi, Mahmoud. 2018

机译：自动单元测试以检测Web应用程序中的安全漏洞
6. Search-based multi-vulnerability testing of XML injections in web applications [O] . Sadeeq Jan, Annibale Panichella, Andrea Arcuri, -1

机译：Web应用程序中基于注入的基于搜索的XML注入的多漏洞测试
7. Security Testing of Web Applications: a Search Based Approach for Cross-Site Scripting Vulnerabilities [O] . Andrea Avancini, Mariano Ceccato 2014

机译：Web应用程序的安全性测试：基于搜索的跨站点脚本漏洞方法

Vulnerability assessment of web applications - a testing approach

摘要

著录项

相似文献

相关主题

期刊订阅