RESEARCH OF PENETRATION TESTING METHODS

Authors

DOI:

https://doi.org/10.35546/kntu2078-4481.2024.3.28

Keywords:

security, security testing tools, penetration testing, cybersecurity.

Abstract

The article examines penetration testing methods as a vital tool for identifying vulnerabilities in modern information systems and networks. The attention is drawn to improving security in the face of a growing number of cyberattacks and analyzing ethical hacking to prevent intruders’ threats. An overview of the main approaches to penetration testing, such as Black Box, White Box, and Gray Box, is provided. Each method assesses system security at different levels, depending on the information available about the network under test. The classification of penetration testing by the tested aspects, such as testing of applications, networks, physical systems, and social engineering methods, is considered. The authors emphasize that web applications require special attention, as they are the main target of many attacks. The article also presents a systematic approach to penetration testing, which includes six main stages: planning, information gathering, vulnerability detection, penetration attempt, analysis and reporting, and cleanup. The authors emphasize the importance of each stage for effectively protecting information resources and ensuring their resilience to attacks. The article provides an overview of popular penetration testing tools, such as Kali Linux, Metasploit, Nmap, and Wireshark, and analyzes their application at different stages of the pentest. The international security standards used to develop a penetration testing methodology are discussed. The conclusions emphasize the importance of penetration testing to identify and eliminate vulnerabilities in information systems. The authors note that effective penetration testing requires the professional skills of ethical hackers who can use the same methods as attackers but aim to strengthen system security.

References

Aydos, M., Aldan, Ç., Coşkun, E., Soydan, A. Security testing of web applications: A systematic mapping of the literature. Journal of King Saud University – Computer and Information Sciences. 2022. № 34(9), Pp. 6775-6792. DOI: 10.1016/j.jksuci.2021.09.018.

Mubshra, Q., Shahid, F., Mohd, H., Nizam, B., Md, N., Atif, A. A Rigorous Approach to Prioritizing Challenges of Web-Based Application Systems. Malaysian Journal of Computer Science. № 34. 2021 DOI: 10.22452/mjcs.vol34no2.1.

Dukes, L., Yuan, X., Akowuah, F. A case study on web application security testing with tools and manual testing. Proceedings of IEEE Southeastcon-2013. 2013. Pp. 1-6. DOI: 10.1109/SECON.2013.6567420.

Shahid, J., Hameed, M., Javed, I., Qureshi, K., Ali, M., Crespi, N. (). A Comparative Study of Web Application Security Parameters: Current Trends and Future Directions. Applied Sciences. 2022 № 12. P. 4077. DOI: 10.3390/app12084077.

Тест на проникнення – Wikipedia 2024. URL: https://uk.wikipedia.org/wiki/%D0%A2%D0%B5%D1%81%D1%82_%D0%BD%D0%B0_%D0%BF%D1%80%D0%BE%D0%BD%D0%B8%D0%BA%D0%BD%D0%B5%D0%BD%D0%BD%D1%8F

Ric Messier. Penetration Testing Basics: A Quick-Start Guide to Breaking into Systems : Apress. 2016. 115 p.

ДСТУ ISО/IEC TS 27008:2019 (ISО/IEC TS 27008:2019, IDT) Інформаційні технології. Методи захисту.

Закон України “Про захист інформації в інформаційно-телекомунікаційних системах № 26 від 2005 р.” URL: https://zakon.rada.gov.ua/laws/show/2594-15.

Top 5 Penetration Testing Methodologies and Standards URL: https://www.getastra.com/blog/security-audit/penetration-testing-methodology/#.

Oriyano Sean-Philip. Penetration Testing Essentials. Sybex, a Wiley brand. 2017. 363 p.

Baloch Rafay. Ethical hacking and penetration testing guide. Auerbach Publications. 2017. 523 p.

Wilhelm, Thomas. Professional penetration testing: Creating and learning in a hacking lab. Newnes. 2013. 525 p.

BSI – Study A Penetration Testing Model. Federal Office for Information Security, 111 p. URL: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Penetration/penetration_pdf.html

Gilberto Najera-Gutierrez, Juned Ahmed Ansari. Web Penetration Testing with Kali Linux: Explore the methods and tools of ethical hacking with Kali Linux. Packt Publishing Ltd. 2018.

Johansen, Gerard. Kali Linux 2–Assuring Security by Penetration Testing : Packt Publishing Ltd. 2016.

Cameron Buchanan, Vivek Ramachandran. Kali Linux Wireless Penetration Testing Beginner’s Guide: Master wireless testing techniques to survey and attack wireless networks with Kali Linux, including the KRACK attack : Packt Publishing Ltd. 2017.

Matthew Denis, Carlos Zena, Thaier Hayajneh. Penetration testing: Concepts, attack methods, and defense strategies. IEEE Long Island Systems, Applications and Technology Conference (LISAT). IEEE. 2016.

Georgia Weidman Penetration Testing – A hand on introduction to hacking. San Francisco. 2014

Ge Chu, Alexei Lisitsa. Penetration Testing for Internet of Things and Its Automation. 2018 IEEE 20th International Conference on High Performance Computing and Communications; IEEE 16th International Conference on Smart City; IEEE 4th International Conference on Data Science and Systems (HPCC/SmartCity/DSS). IEEE, 2018.

Downloads

Published

2024-11-26