Penetration Testing Report: Methodologies, Legal, and Decision Tree
VerifiedAdded on 2022/08/20
|12
|2862
|10
Report
AI Summary
This report delves into the realm of penetration testing, a crucial aspect of cybersecurity. It begins by comparing various penetration testing methodologies, including white box, black box, and gray box approaches, highlighting their strengths and weaknesses. The report then addresses the statutory and legal considerations that penetration testers must adhere to, emphasizing the importance of compliance and ethical practices. It outlines a Standard Operating Procedure (SOP) for a specific task, likely related to vulnerability assessment or exploitation, and presents a decision-making tree to guide the testing process. The report underscores the significance of penetration testing in identifying vulnerabilities, fine-tuning security policies, and ultimately, fortifying systems against cyber threats. It emphasizes the role of penetration testing in helping organizations understand their security posture and make informed decisions to enhance their defenses. The report is a comprehensive overview of penetration testing, covering methodologies, legal aspects, and practical implementation.
Running head: PENETRATION TESTING
PENETRATION TESTING
Name of the Student
Name of the University
Author Note:
PENETRATION TESTING
Name of the Student
Name of the University
Author Note:
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1PENETRATION TESTING
Table of Contents
Introduction..........................................................................................................................2
PenTest Methodologies Comparison...............................................................................2
Statutory and Legal Consideration of Penetration Tester................................................4
SOP for task 2..................................................................................................................5
Decision making tree.......................................................................................................6
Conclusion...........................................................................................................................8
References..........................................................................................................................10
Table of Contents
Introduction..........................................................................................................................2
PenTest Methodologies Comparison...............................................................................2
Statutory and Legal Consideration of Penetration Tester................................................4
SOP for task 2..................................................................................................................5
Decision making tree.......................................................................................................6
Conclusion...........................................................................................................................8
References..........................................................................................................................10
2PENETRATION TESTING
Introduction
Penetration test, is also known as pen test, which is known to be simulated cyber-attack
against computer system for exploiting the vulnerabilities. With reference to context regarding
web application security, penetration testing is mainly used for augmentation of a web
application firewall. Pen testing requires the involvement with idea of breaching any number of
the application system. In order to uncover the vulnerabilities, unsanitized inputs which are
susceptible to attacks related to code injection (Dawson and McDonald 2016). Insight given by
penetration test can be used for fine-tuning of WAF security policies, and patch detected
vulnerabilities. Some of the well-known penetration testing methods are external testing, internal
testing, blind testing, double-blind testing and target testing. Penetration testing tools are
considered to be a part of penetration test (Pen Test) which are required for automating different
tasks (Shaukat et al. 2016). It can easily enhance testing efficiency and analyzing various kind of
problem. Two of the common tools for penetration testing are static analysis tools and dynamic
analysis tools.
In the coming pages of report, a comparison has been done regarding various kind of
PenTest methodologies comparison. The next part deals with statutory and legal consideration
which should be taken into account for penetration tester. In addition, the report also highlights
SOP for task 2 and decision making tree.
PenTest Methodologies Comparison
As a result of increase in cyber-attacks, organization have focused on carrying out
security testing of both software application and related products. Penetration testing can be
considered as a widely used technique for vulnerability identification in some of the areas of
system (Baloch 2017). This requires the involvement of some wilful attacks on system for
Introduction
Penetration test, is also known as pen test, which is known to be simulated cyber-attack
against computer system for exploiting the vulnerabilities. With reference to context regarding
web application security, penetration testing is mainly used for augmentation of a web
application firewall. Pen testing requires the involvement with idea of breaching any number of
the application system. In order to uncover the vulnerabilities, unsanitized inputs which are
susceptible to attacks related to code injection (Dawson and McDonald 2016). Insight given by
penetration test can be used for fine-tuning of WAF security policies, and patch detected
vulnerabilities. Some of the well-known penetration testing methods are external testing, internal
testing, blind testing, double-blind testing and target testing. Penetration testing tools are
considered to be a part of penetration test (Pen Test) which are required for automating different
tasks (Shaukat et al. 2016). It can easily enhance testing efficiency and analyzing various kind of
problem. Two of the common tools for penetration testing are static analysis tools and dynamic
analysis tools.
In the coming pages of report, a comparison has been done regarding various kind of
PenTest methodologies comparison. The next part deals with statutory and legal consideration
which should be taken into account for penetration tester. In addition, the report also highlights
SOP for task 2 and decision making tree.
PenTest Methodologies Comparison
As a result of increase in cyber-attacks, organization have focused on carrying out
security testing of both software application and related products. Penetration testing can be
considered as a widely used technique for vulnerability identification in some of the areas of
system (Baloch 2017). This requires the involvement of some wilful attacks on system for
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3PENETRATION TESTING
analyzing some of the weak areas. These may provide a proper passage for the unauthorized user
for attacking the system along with altering both integrity and veracity. Penetration testing can
be easily categorized as per the testing approaches which are to be used.
Wide Box Penetration testing: In this, the tester has a complete access and in-depth
knowledge of system that requires to be tested. It is very much useful in order to carry out
penetration testing (Dürrwang et al. 2018). White box penetration testing helps an individual to
carry out the system testing, which has admin or root-level access. It merely includes complete
access to architecture, specification and source code. White box penetration testing stands out to
be bit time-consuming as a result of this approach (Stefinko and Piskuzub 2017). White box
testing aims to provide information with respect to any exploitable flaws in a particular manner.
There are many benefits of white-box security testing procedure.
Black Box Penetration Testing: In this particular penetration testing, a very high level of
information is completely made available to tester. The tester has complete idea regarding both
system and network. This particular approach can miss some of the vital areas at the time of
testing (van den Hout 2019). This particular testing does not require any kind of earlier
information regarding the target network or even application. It is merely carried out by making
use of scenario from real world. In most of the cases, team testing can have an easy access to
some of the application source code or other important elements of the network (Klíma 2016).
This particular testing method enable the security expert to have a look at various level of
security.
Gray Box Penetration testing: Gray box penetration testing merely makes use of the
limited information to the available tester to conduct an attack on the system externally. Gray
box testing can be stated as a combination of white-box testing and black-box testing. This can
analyzing some of the weak areas. These may provide a proper passage for the unauthorized user
for attacking the system along with altering both integrity and veracity. Penetration testing can
be easily categorized as per the testing approaches which are to be used.
Wide Box Penetration testing: In this, the tester has a complete access and in-depth
knowledge of system that requires to be tested. It is very much useful in order to carry out
penetration testing (Dürrwang et al. 2018). White box penetration testing helps an individual to
carry out the system testing, which has admin or root-level access. It merely includes complete
access to architecture, specification and source code. White box penetration testing stands out to
be bit time-consuming as a result of this approach (Stefinko and Piskuzub 2017). White box
testing aims to provide information with respect to any exploitable flaws in a particular manner.
There are many benefits of white-box security testing procedure.
Black Box Penetration Testing: In this particular penetration testing, a very high level of
information is completely made available to tester. The tester has complete idea regarding both
system and network. This particular approach can miss some of the vital areas at the time of
testing (van den Hout 2019). This particular testing does not require any kind of earlier
information regarding the target network or even application. It is merely carried out by making
use of scenario from real world. In most of the cases, team testing can have an easy access to
some of the application source code or other important elements of the network (Klíma 2016).
This particular testing method enable the security expert to have a look at various level of
security.
Gray Box Penetration testing: Gray box penetration testing merely makes use of the
limited information to the available tester to conduct an attack on the system externally. Gray
box testing can be stated as a combination of white-box testing and black-box testing. This can
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4PENETRATION TESTING
be considered as an invaluable tool which is needed for ensuring the overall security in the
software domain (Jat, Lamba and Rathore 2019). Gray box testing comes into the picture as a
result of both white and black box approaches. In this, tester may have a partial idea regarding
the internal application structure. This merely focuses on designing more target-based scenario.
Statutory and Legal Consideration of Penetration Tester
As technology is changing at a rapid rate, there are some questions related to legal
protections. It merely comes into picture as a result of misuse updated technology. There are
various kind of jurisdiction that can govern organization and its client (Gupta 2017). One of the
major issue which the organization face in maintaining information security is development of
legal system.
Technology merely defines the consideration which is used by pen testing in the firm,
which requires to have the legal consideration prior to entering the pen testing method. One of
the consideration which should be taken into account is the law which completely surrounds the
practice related to port scanning (Aar and Sharma 2017). Most of the nation come up with
stringent law which can completely infringe upon the pen tester for being effective. United
Kingdom come up with computer system Act which is regarding illegal supply or even offering
of supply. The biggest problem which come into picture are some security tools which are
complete ethical in approach. Implementation of black hat attack and things related to this can be
analyzed either by guesswork or evidence.
Prior to allowing an individual to carry out testing on sensitive data, organization need to
measure which is respect to confidentiality, data integrity and availability. For this kind of
agreement, there is need for legal compliance that stand out to be vital for the firm (Krasniqi and
be considered as an invaluable tool which is needed for ensuring the overall security in the
software domain (Jat, Lamba and Rathore 2019). Gray box testing comes into the picture as a
result of both white and black box approaches. In this, tester may have a partial idea regarding
the internal application structure. This merely focuses on designing more target-based scenario.
Statutory and Legal Consideration of Penetration Tester
As technology is changing at a rapid rate, there are some questions related to legal
protections. It merely comes into picture as a result of misuse updated technology. There are
various kind of jurisdiction that can govern organization and its client (Gupta 2017). One of the
major issue which the organization face in maintaining information security is development of
legal system.
Technology merely defines the consideration which is used by pen testing in the firm,
which requires to have the legal consideration prior to entering the pen testing method. One of
the consideration which should be taken into account is the law which completely surrounds the
practice related to port scanning (Aar and Sharma 2017). Most of the nation come up with
stringent law which can completely infringe upon the pen tester for being effective. United
Kingdom come up with computer system Act which is regarding illegal supply or even offering
of supply. The biggest problem which come into picture are some security tools which are
complete ethical in approach. Implementation of black hat attack and things related to this can be
analyzed either by guesswork or evidence.
Prior to allowing an individual to carry out testing on sensitive data, organization need to
measure which is respect to confidentiality, data integrity and availability. For this kind of
agreement, there is need for legal compliance that stand out to be vital for the firm (Krasniqi and
5PENETRATION TESTING
Bejtullahu 2018). There is some vital regulations that needs to be observed at the time of
establishing and maintaining security. Most of the authorized system are highlighted for
implementation of penetration test. In most of the cases, the penetration test completely affect the
performance of system. It can even result from increasing in confidentiality and issues related to
integrity. So this stand out to be very much important even in the case of penetration testing. All
these kind of testing are performed by some of the internal staff who wants to get permission for
writing (Baloch 2017). There is need for written agreement in between tester and organization so
that all the points can be clarified. It is merely done with data security and disclosure before
commencing of testing.
There is need for statement of intent which needs to be drawn up and signed by two
parties. It should be done prior to starting of any testing work. This clearly needs to outline the
job scope which the individual may or may not use for carrying out vulnerability testing (Hasan
and Meva 2018). From the viewpoint of tester, it is very much important to known who owns the
business or system. In addition, he or she needs to have proper infrastructure for system testing
and their target, which is affected by pen-testing. A legal agreement stands out to be beneficial
for both parties.
SOP for task 2
The point should be noted that penetration testing can be defined as the method where the
attacker can make use of security controls. This is required for having complete access to the
organization system. Penetration testing is much more than running by scanner, which automate
the different tools which are used for writing a given report (Shahidullah 2019). There many kind
of shift that completely defines the way where penetration testing in the security industry.
Penetration Testing Execution Standard (PTES) can be defined as the penetration test, which
Bejtullahu 2018). There is some vital regulations that needs to be observed at the time of
establishing and maintaining security. Most of the authorized system are highlighted for
implementation of penetration test. In most of the cases, the penetration test completely affect the
performance of system. It can even result from increasing in confidentiality and issues related to
integrity. So this stand out to be very much important even in the case of penetration testing. All
these kind of testing are performed by some of the internal staff who wants to get permission for
writing (Baloch 2017). There is need for written agreement in between tester and organization so
that all the points can be clarified. It is merely done with data security and disclosure before
commencing of testing.
There is need for statement of intent which needs to be drawn up and signed by two
parties. It should be done prior to starting of any testing work. This clearly needs to outline the
job scope which the individual may or may not use for carrying out vulnerability testing (Hasan
and Meva 2018). From the viewpoint of tester, it is very much important to known who owns the
business or system. In addition, he or she needs to have proper infrastructure for system testing
and their target, which is affected by pen-testing. A legal agreement stands out to be beneficial
for both parties.
SOP for task 2
The point should be noted that penetration testing can be defined as the method where the
attacker can make use of security controls. This is required for having complete access to the
organization system. Penetration testing is much more than running by scanner, which automate
the different tools which are used for writing a given report (Shahidullah 2019). There many kind
of shift that completely defines the way where penetration testing in the security industry.
Penetration Testing Execution Standard (PTES) can be defined as the penetration test, which
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6PENETRATION TESTING
affects the experience of both new and experienced penetration tester. It is merely adopted by
most of the leading members of the security community (Al Barghuthi et al. 2017). There are
stages of PEST, designed for completing the penetration test. This merely aims in assuring the
client firm that helps in the standardization of effort level.
Interaction of pre-engagement: In this section, PTES is also present, which explains
regarding various kind of available tool and techniques. This focus on successful pre-
engagement of the penetration test (Armstrong et al. 2018). It merely comes into the picture at
the instance of discussing the scope in terms of penetration test with the various client.
Intelligent Gathering: An individual needs to collect some information about the firm
which is being attacked by making use of social media platform, hacking and footprint of target.
It stand out to be as one of the vital skill of penetration tester can have (Fashoto, Ogunleye and
Adabara 2018). It is the ability for learning about the given target.
Threat Modelling: By making use of need information, a tester can easily acquire with
intelligence gathering stage. It is all about identification of current vulnerabilities on target
system. At the time of carrying out threat modelling an individual needs to analyze the effective
method (Dürrwang et al. 2018). It merely focus on kind of information and how the firm can be
attacked.
Vulnerability analysis: There is a need for identification of some most viable method of
work. An individual needs to take into account the ways of accessing the target. At the time of
vulnerability analysis, an individual needs to combine the given information that is to be learned
about the earlier stage.
affects the experience of both new and experienced penetration tester. It is merely adopted by
most of the leading members of the security community (Al Barghuthi et al. 2017). There are
stages of PEST, designed for completing the penetration test. This merely aims in assuring the
client firm that helps in the standardization of effort level.
Interaction of pre-engagement: In this section, PTES is also present, which explains
regarding various kind of available tool and techniques. This focus on successful pre-
engagement of the penetration test (Armstrong et al. 2018). It merely comes into the picture at
the instance of discussing the scope in terms of penetration test with the various client.
Intelligent Gathering: An individual needs to collect some information about the firm
which is being attacked by making use of social media platform, hacking and footprint of target.
It stand out to be as one of the vital skill of penetration tester can have (Fashoto, Ogunleye and
Adabara 2018). It is the ability for learning about the given target.
Threat Modelling: By making use of need information, a tester can easily acquire with
intelligence gathering stage. It is all about identification of current vulnerabilities on target
system. At the time of carrying out threat modelling an individual needs to analyze the effective
method (Dürrwang et al. 2018). It merely focus on kind of information and how the firm can be
attacked.
Vulnerability analysis: There is a need for identification of some most viable method of
work. An individual needs to take into account the ways of accessing the target. At the time of
vulnerability analysis, an individual needs to combine the given information that is to be learned
about the earlier stage.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7PENETRATION TESTING
Exploitation: It stand out to be as one of most glamorous aspect of penetration testing. It
can be done with the force instead of precision.
Decision-making tree
Penetration testing requires the involvement of team members who can conduct both
technical and process tasks. Penetration testing only aims to send a message which the
organization is doing and what they can do to ensure the overall security of both confidential and
private data. This merely helps in developer team to make have an understanding regarding the
dynamic hacks (Stefinko and Piskuzub 2017). Penetration testing service help the team members
to analyze some of the areas for overall improvement and prioritize the threat mitigation
strategies.
Penetration testing mainly results in supporting outcomes which can help the firm to
understand the various attack vectors which compromise data (Klíma 2016). Web application
security testing exercises is where the pen tester can find different ways of attacking the
application. It will provide the SDLC team with perspective of vulnerability which is more about
the attacker point of view. Security testing and penetration testing are completely guided by the
threat model (van den Hout 2019). The point should be noted that threat model stand out a
blueprint of penetration testing. There is need for including targeting data available from threat
intelligence.
Attack model stand out to be foundation for organizing and implementing attack against
the given target system in case of attack resistance test. By complete redefinition of the model of
attack tree node, it complete describes the relation of attack tree nodes (Jat, Lamba and Rathore
2019). A penetration test model can be used for organizing, describing, managing, attack
Exploitation: It stand out to be as one of most glamorous aspect of penetration testing. It
can be done with the force instead of precision.
Decision-making tree
Penetration testing requires the involvement of team members who can conduct both
technical and process tasks. Penetration testing only aims to send a message which the
organization is doing and what they can do to ensure the overall security of both confidential and
private data. This merely helps in developer team to make have an understanding regarding the
dynamic hacks (Stefinko and Piskuzub 2017). Penetration testing service help the team members
to analyze some of the areas for overall improvement and prioritize the threat mitigation
strategies.
Penetration testing mainly results in supporting outcomes which can help the firm to
understand the various attack vectors which compromise data (Klíma 2016). Web application
security testing exercises is where the pen tester can find different ways of attacking the
application. It will provide the SDLC team with perspective of vulnerability which is more about
the attacker point of view. Security testing and penetration testing are completely guided by the
threat model (van den Hout 2019). The point should be noted that threat model stand out a
blueprint of penetration testing. There is need for including targeting data available from threat
intelligence.
Attack model stand out to be foundation for organizing and implementing attack against
the given target system in case of attack resistance test. By complete redefinition of the model of
attack tree node, it complete describes the relation of attack tree nodes (Jat, Lamba and Rathore
2019). A penetration test model can be used for organizing, describing, managing, attack
8PENETRATION TESTING
schedule for attack resistance test. In addition, a penetration attack test can be designed where
attack scheme stand out to be application of new model.
Fig 1: Decision Tree for Penetration Testing
(Source: Gupta 2017)
Conclusion
The above pages help us in concluding the point that the report is all about penetration
testing. This can be stated like a security exercise where most of the cyber-security experts
emphasize and exploit various kind of vulnerabilities in the system. The mere focus of this
stimulated attack is all about identification of any weak spots in system defense. It merely
focuses on the points which the attacker can easily have the advantage of. Vulnerability
assessment helps in identification and report to be noted for various kind of vulnerabilities. It
helps in analyzing whether unauthorized access or even malicious activity can be done.
Penetration testing is merely inclusive of network penetration testing and application security
schedule for attack resistance test. In addition, a penetration attack test can be designed where
attack scheme stand out to be application of new model.
Fig 1: Decision Tree for Penetration Testing
(Source: Gupta 2017)
Conclusion
The above pages help us in concluding the point that the report is all about penetration
testing. This can be stated like a security exercise where most of the cyber-security experts
emphasize and exploit various kind of vulnerabilities in the system. The mere focus of this
stimulated attack is all about identification of any weak spots in system defense. It merely
focuses on the points which the attacker can easily have the advantage of. Vulnerability
assessment helps in identification and report to be noted for various kind of vulnerabilities. It
helps in analyzing whether unauthorized access or even malicious activity can be done.
Penetration testing is merely inclusive of network penetration testing and application security
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9PENETRATION TESTING
testing along with control. It merely processes around the network and application. This should
take place from both outside the network which come in external testing and from the inside
system. Tools for different kind of attack are merely inclusive of software design that produces
brute-force attack or even SQL injections. There is a list of hardware which are more specifically
designed for pen-testing like small boxes. It can be easily plugged into the system on the network
that provides the hacker with remote access to the given network.
testing along with control. It merely processes around the network and application. This should
take place from both outside the network which come in external testing and from the inside
system. Tools for different kind of attack are merely inclusive of software design that produces
brute-force attack or even SQL injections. There is a list of hardware which are more specifically
designed for pen-testing like small boxes. It can be easily plugged into the system on the network
that provides the hacker with remote access to the given network.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10PENETRATION TESTING
References
Aar, P. and Sharma, A.K., 2017. Analysis of Penetration Testing Tools. International Journal of
Advanced Research in Computer Science and Software Engineering (IJARCSSE), 7(9), p.36.
Al Barghuthi, N.B., Saleh, M., Alsuwaidi, S. and Alhammadi, S., 2017, October. Evaluation of
portable penetration testing on smart cities applications using Raspberry Pi III. In 2017 Fourth
HCT Information Technology Trends (ITT) (pp. 67-72). IEEE.
Armstrong, M.E., Jones, K.S., Namin, A.S. and Newton, D.C., 2018, September. The
Knowledge, Skills, and Abilities Used by Penetration Testers: Results of Interviews with
Cybersecurity Professionals in Vulnerability Assessment and Management. In Proceedings of
the Human Factors and Ergonomics Society Annual Meeting (Vol. 62, No. 1, pp. 709-713). Sage
CA: Los Angeles, CA: SAGE Publications.
Baloch, R., 2017. Ethical hacking and penetration testing guide. CRC Press.
Dawson, J. and McDonald, J.T., 2016, April. Improving Penetration Testing Methodologies for
Security-Based Risk Assessment. In 2016 Cybersecurity Symposium (CYBERSEC) (pp. 51-58).
IEEE.
Dürrwang, J., Braun, J., Rumez, M., Kriesten, R. and Pretschner, A., 2018. Enhancement of
automotive penetration testing with threat analyses results. SAE International Journal of
Transportation Cybersecurity and Privacy, 1(11-01-02-0005), pp.91-112.
Fashoto, S.G., Ogunleye, G.O. and Adabara, I., 2018. EVALUATION OF NETWORK AND
SYSTEMS SECURITY USING PENETRATION TESTING IN A SIMULATION
ENVIRONMENT. Computer Science & Telecommunications, 54(2).
References
Aar, P. and Sharma, A.K., 2017. Analysis of Penetration Testing Tools. International Journal of
Advanced Research in Computer Science and Software Engineering (IJARCSSE), 7(9), p.36.
Al Barghuthi, N.B., Saleh, M., Alsuwaidi, S. and Alhammadi, S., 2017, October. Evaluation of
portable penetration testing on smart cities applications using Raspberry Pi III. In 2017 Fourth
HCT Information Technology Trends (ITT) (pp. 67-72). IEEE.
Armstrong, M.E., Jones, K.S., Namin, A.S. and Newton, D.C., 2018, September. The
Knowledge, Skills, and Abilities Used by Penetration Testers: Results of Interviews with
Cybersecurity Professionals in Vulnerability Assessment and Management. In Proceedings of
the Human Factors and Ergonomics Society Annual Meeting (Vol. 62, No. 1, pp. 709-713). Sage
CA: Los Angeles, CA: SAGE Publications.
Baloch, R., 2017. Ethical hacking and penetration testing guide. CRC Press.
Dawson, J. and McDonald, J.T., 2016, April. Improving Penetration Testing Methodologies for
Security-Based Risk Assessment. In 2016 Cybersecurity Symposium (CYBERSEC) (pp. 51-58).
IEEE.
Dürrwang, J., Braun, J., Rumez, M., Kriesten, R. and Pretschner, A., 2018. Enhancement of
automotive penetration testing with threat analyses results. SAE International Journal of
Transportation Cybersecurity and Privacy, 1(11-01-02-0005), pp.91-112.
Fashoto, S.G., Ogunleye, G.O. and Adabara, I., 2018. EVALUATION OF NETWORK AND
SYSTEMS SECURITY USING PENETRATION TESTING IN A SIMULATION
ENVIRONMENT. Computer Science & Telecommunications, 54(2).
11PENETRATION TESTING
Gupta, B.B., 2017. Requirements Based Web Application Security Testing–A Preemptive
Approach!.
Hasan, A. and Meva, D., 2018. Web Application Safety by Penetration Testing. International
Journal of Advanced Studies of Scientific Research, 3(9).
Jat, S.C., Lamba, C.S. and Rathore, V.S., 2019. Software Quality Improvement Through
Penetration Testing. In Emerging Trends in Expert Applications and Security (pp. 239-244).
Springer, Singapore.
Klíma, T., 2016. PETA: Methodology of information systems security penetration testing. Acta
Informatica Pragensia, 5(2), pp.98-117.
Krasniqi, G. and Bejtullahu, V., 2018. Vulnerability Assessment & Penetration Testing: Case
study on web application security.
Shahidullah, M., 2019. Vulnerability Assessment Penetration Testing for Web Application.
Shaukat, K., Faisal, A., Masood, R., Usman, A. and Shaukat, U., 2016, December. Security
quality assurance through penetration testing. In 2016 19th International Multi-Topic
Conference (INMIC) (pp. 1-6). IEEE.
Stefinko, Y.Y. and Piskuzub, A.Z., 2017. Theory of modern penetration testing expert
system. Системи обробки інформації, (2), pp.129-133.
van den Hout, N.J., 2019. Standardised penetration testing? Examining the usefulness of current
penetration testing methodologies.
Gupta, B.B., 2017. Requirements Based Web Application Security Testing–A Preemptive
Approach!.
Hasan, A. and Meva, D., 2018. Web Application Safety by Penetration Testing. International
Journal of Advanced Studies of Scientific Research, 3(9).
Jat, S.C., Lamba, C.S. and Rathore, V.S., 2019. Software Quality Improvement Through
Penetration Testing. In Emerging Trends in Expert Applications and Security (pp. 239-244).
Springer, Singapore.
Klíma, T., 2016. PETA: Methodology of information systems security penetration testing. Acta
Informatica Pragensia, 5(2), pp.98-117.
Krasniqi, G. and Bejtullahu, V., 2018. Vulnerability Assessment & Penetration Testing: Case
study on web application security.
Shahidullah, M., 2019. Vulnerability Assessment Penetration Testing for Web Application.
Shaukat, K., Faisal, A., Masood, R., Usman, A. and Shaukat, U., 2016, December. Security
quality assurance through penetration testing. In 2016 19th International Multi-Topic
Conference (INMIC) (pp. 1-6). IEEE.
Stefinko, Y.Y. and Piskuzub, A.Z., 2017. Theory of modern penetration testing expert
system. Системи обробки інформації, (2), pp.129-133.
van den Hout, N.J., 2019. Standardised penetration testing? Examining the usefulness of current
penetration testing methodologies.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 12
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.