Achieving Successful Software Penetration Testing
Authors/Creators
Description
Abstract: In today’s digital environment, where society faces cyber threats, security is a key component of any organization. Penetration testing is crucial in detecting and eliminating security weaknesses before real attackers can use them. In reality, software penetration testing mimics real-world attacks on software applications to detect vulnerabilities, i.e., security vulnerabilities that real attackers could exploit. The testing requires careful planning, precise performance, and a thorough analysis of the results. This paper deals with successful penetration testing, starting with the basic steps of planning and defining the scope of the test itself. An overview of all tools and techniques and the importance of choosing the right tools for penetration testing are presented. The paper provides a comparative analysis of key tools for penetration testing, including practical guidelines for choosing appropriate methodologies and frameworks. Penetration testing requires a continuous approach as threats and vulnerabilities evolve with technology development. Through regular testing and updates of security policies, organizations can ensure the security of their own software systems.
Originally published in: International Journal of Innovative Solutions in Engineering (IJISE), Vol. 1, No. 1, 2025. Official URL: https://ijise.ba/article/1/
Files
Vol.-1-No.-1-Article-1.pdf
Files
(412.1 kB)
| Name | Size | Download all |
|---|---|---|
|
md5:1c0f87673ec117d9395f518ff183a688
|
412.1 kB | Preview Download |
Additional details
Identifiers
Related works
- Is identical to
- Journal article: https://ijise.ba/article/1/ (URL)
- Is published in
- Journal: 3029-3200 (ISSN)
References
- B. Potter and G. McGraw, "Software security testing", IEEE Security & Privacy, vol. 2, no. 5, pp. 81–85, Sep. 2004, doi: https://doi.org/10.1109/MSP.2004.84.
- D. Verdon and G. McGraw, "Risk analysis in software design", IEEE Secur. Privacy, vol. 2, no. 4, pp. 79–84, Jul. 2004, doi: https://doi.org/10.1109/MSP.2004.55.
- CARNet CERT and LS&S, "Metodologija penetracijskog testiranja," 2008. [Online]. Available: https://www.cis.hr/www.edicija/LinkedDocuments/CCERT-PUBDOC-2008-02-219.pdf
- K. Van Wyk, "Adapting penetration testing for software development purposes," Jan. 2007. [Online]. Available: https://apps.dtic.mil/sti/pdfs/AD1180049.pdf
- H. M. Z. A. Shebli and B. D. Beheshti, "A study on penetration testing process and tools", in 2018 IEEE Long Island Systems, Applications and Technology Conference (LISAT), May 2018, pp. 1–7. doi: https://doi.org/10.1109/LISAT.2018.8378035.
- "Penetration Testing Phases". Accessed: Jan. 16, 2025. [Online]. Available: https://amatas.com/blog/penetration-testing-phases/
- J. N. Goel and B. M. Mehtre, "Vulnerability Assessment & Penetration Testing as a Cyber Defence Technology", Procedia Computer Science, vol. 57, pp. 710–715, 2015, doi: https://doi.org/10.1016/j.procs.2015.07.458.
- G. Whittaker, "Hacking Made Easy: A Beginner's Guide to Penetration Testing with Kali Linux | Linux Journal". Accessed: Jan. 16, 2025. [Online]. Available: https://www.linuxjournal.com/content/hacking-made-easy-beginners-guide-penetration-testing-kali-linux
- Metasploit, "Metasploit Framework User Guide," Amyotroph. lateral Scler. Off. Publ. World Fed. Neurol. Res. Gr. Mot. Neuron Dis., vol. 11, no. 1–2, pp. 38–45, 2010.
- S. Raj and N. K. Walia, "A study on Metasploit Framework: a Pen-Testing tool," 2021 International Conference on Computational Performance Evaluation (ComPE), pp. 296–302, Jul. 2020, doi: https://doi.org/10.1109/compe49325.2020.9200028.
- P. Kumawat, "Introduction to Burp Suite – Guide for Burp Suite," Security Cipher, Nov. 15, 2023. https://securitycipher.com/2020/06/07/introduction-to-burp-suite-guide-for-burp-suite/
- "Nmap: the Network Mapper - Free Security Scanner." https://nmap.org/
- The Open Web Application Security Project, "Testing guide," book. [Online]. Available: https://owasp.org/www-project-web-security-testing-guide/assets/archive/OWASP_Testing_Guide_v4.pdf
- H. M. Adam, Widyawan, and G. D. Putra, "A Review of Penetration Testing Frameworks, Tools, and Application Areas", in 2023 IEEE 7th International Conference on Information Technology, Information Systems and Electrical Engineering (ICITISEE), Purwokerto, Indonesia: IEEE, Nov. 2023, pp. 319–324. doi: https://doi.org/10.1109/ICITISEE58992.2023.10404397.
- J. A. Pratama, A. Almaarif, and A. Budiono, "Vulnerability Analysis of Wireless LAN Networks using ISSAF WLAN Security Assessment Methodology: A Case Study of Restaurant in East Jakarta," 2021 4th International Conference of Computer and Informatics Engineering (IC2IE), pp. 435–440, Sep. 2021, doi: https://doi.org/10.1109/ic2ie53219.2021.9649360.
- I. G. A. S. Sanjaya, G. M. A. Sasmita, and D. M. S. Arsa, "Information Technology Risk management using ISO 31000 based on ISSAF Framework Penetration Testing (Case Study: Election Commission of X City)," International Journal of Computer Network and Information Security, vol. 12, no. 4, pp. 30–40, Aug. 2020, doi: https://doi.org/10.5815/ijcnis.2020.04.03.
- F. Abu-Dabaseh and E. Alshammari, "Automated Penetration Testing : An Overview", in Computer Science & Information Technology, Academy & Industry Research Collaboration Center (AIRCC), Apr. 2018, pp. 121–129. doi: https://doi.org/10.5121/csit.2018.80610.
- A. Giuseppi, A. Tortorelli, R. Germana, F. Liberati, and A. Fiaschetti, "Securing Cyber-Physical Systems: An Optimization Framework based on OSSTMM and Genetic Algorithms," 2022 30th Mediterranean Conference on Control and Automation (MED), pp. 50–56, Jul. 2019, doi: https://doi.org/10.1109/med.2019.8798506.
- N. M. Karie, N. M. Sahri, W. Yang, C. Valli, and V. R. Kebande, "A review of security Standards and Frameworks for IoT-Based Smart Environments," IEEE Access, vol. 9, pp. 121975–121995, Jan. 2021, doi: https://doi.org/10.1109/access.2021.3109886.
- B. A. B. Arfaj, S. Mishra, and M. AlShehri, "Efficacy of unconventional penetration testing practices," Intelligent Automation & Soft Computing, vol. 31, no. 1, pp. 223–239, Sep. 2021, doi: https://doi.org/10.32604/iasc.2022.019485.