期刊名称:International Journal of Network Security & Its Applications
印刷版ISSN:0975-2307
电子版ISSN:0974-9330
出版年度:2011
卷号:3
期号:6
DOI:10.5121/ijnsa.2011.360219
出版社:Academy & Industry Research Collaboration Center (AIRCC)
摘要:Penetration testing is a series of activities undertaken to identify and exploit security vulnerabilities. It helps confirm the effectiveness or ineffectiveness of the security measures that have been implemented. This paper provides an overview of penetration testing. It discusses the benefits, the strategies and the methodology of conducting penetration testing. The methodology of penetration testing includes three phases: test preparation, test and test analysis. The test phase involves the following steps: information gathering, vulnerability analysis, and vulnerability exploit. This paper further illustrates how to apply this methodology to conduct penetration testing on two example web applications
关键词:Security Testing; Vulnerability Assessment; Penetration Testing; Web Application Penetration Testing
