According To The Internet Security Threat Report 2019 By Symantec, There Was 56% Growth Observed In Web-Based Attacks In 2018: Cybersecurity Research Paper, NCI, Ireland
University: National College of Ireland (NCI)
According to the Internet Security Threat Report 2019 by Symantec, there was 56% growth observed in web-based attacks in 2018, with an average of 30 to 40 million attacks detected per month. In recent years, web application exploitation has been used extensively against internet-based applications. Penetration testing is the process of simulating cyber-attacks against a target system. A penetration test is a controlled process of penetrating the network or web application environment in order to identify vulnerabilities.
The difference between a hacker and a penetration tester is that the penetration test is carried out with permission, a signed contract, and licenses. At the end of the penetration test, a report with all the observations and vulnerabilities is prepared and presented to the client. The penetration test can be performed manually by a professional penetration tester who assesses the network environment or the web application for known vulnerabilities.
The manual penetration test lacks repeatability and is largely dependent on the tester’s skills to identify the flaws in the application. The automated penetration test, on the other hand, is performed using software tools that analyze the application for vulnerabilities. Automated penetration testing tools are repeatable in their analysis, and they can produce consistent results for a target system or network. Penetration testing has become an essential and critical activity not only in the information technology industry but in all industries that have an online presence.
There are many automated penetration testing tools available, with different capabilities and qualities. The specifications of these tools cover a vast range, from scanning a simple single-page web application to scanning a complex enterprise-level multi-layered application with multiple workflows.
Benchmarking is one of the processes used to measure the effectiveness of web security scanners. There are well-known benchmarks available for web vulnerability scanners, such as the Web Input Vector Extractor Teaser and the Web Application Vulnerability Scanner Evaluation Project benchmark.
In the penetration testing industry, an automated tool is selected based on its ability to detect critical vulnerabilities and its ease of use. This has given me the motivation to identify an efficient automated penetration testing tool that meets current trends in the industry.
This research was conducted with the objective of developing a framework to compare automated penetration testing tools. We demonstrate the framework’s efficiency and usability using automated penetration testing tool case studies. The research framework is based on previous research by Mayur Turuvekere and Anala A. Pandit, which proposes evaluating automated penetration testing tools based on the vulnerabilities identified.

This research widens the evaluation matrix and provides a broader scale that includes not only vulnerability detection but also other parameters of the penetration testing tools. The research is performed using statistical investigations of the outcomes obtained from the penetration testing tools.
- To identify efficient automated penetration testing tools that meet current industry requirements.
- To develop a framework to compare web application penetration testing tools.
- To perform a research-based comparative analysis of automated penetration testing tools against recent trends in the industry.
- To demonstrate statistical investigations of the outcomes obtained from the penetration testing tools.