Journal: Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications
Print ISSN: 2093-5374
Electronic ISSN: 2093-5382
Publication year: 2010
Volume: 1
Issue: 1
Pages: 72-85
Publisher: Innovative Information Science & Technology Research Group
Abstract: Penetration testing is one of the most traditional and widely used techniques to detect security flaws in systems by conducting simulated attacks on the target systems. Organizations can develop a tool based on this technique to assess their own security systems or use third-party software. However, besides its advantages in exploring real security vulnerabilities without false results, this technique might leave side effects for the target systems such as incomplete testing, time consumption, disclosed sensitive information, etc. if it is used unwarily. Therefore, the penetration testers or the testing providers need a methodology in order for the test to be carried out more effectively in the security environment, and more importantly, to build trust for the organizations as their systems will be verified. In this paper, we propose an extended and specific methodology for side-effects-free penetration testing in detection of database security flaws. In addition, based on this methodology, the proposed system architecture for a penetration testing tool to detect database security flaws in the secure environment, which is implemented in Oracle Database Server 10g/11g, will consolidate the applicability and effectiveness of our proposed methodology.