Reevan Seelen Jagamogan, Saiful Adli Ismail, N. Hafizah, Hassan Hafiza Abas
{"title":"内容管理系统(CMS)渗透测试方法综述","authors":"Reevan Seelen Jagamogan, Saiful Adli Ismail, N. Hafizah, Hassan Hafiza Abas","doi":"10.1109/ICRIIS53035.2021.9617087","DOIUrl":null,"url":null,"abstract":"These days, Content Management Systems (CMS) have been the target for adversaries in the cyber world since they are mostly open-source like Drupal, Joomla and WordPress, where no experts want to address the vulnerabilities due to them having no price tags. This paper aims to review the available and proposed penetration testing approaches and tools used on content management systems (CMS) and tabulate the results in a review matrix. There are 22 articles found regarding the proposed approaches and tools where some of which use machine learning (ML) algorithms. The matrix is categorized based on whether those approaches involve the use of machine learning algorithms or they involve other approaches like using basic penetration tools like Sqlmap and Metasploit to perform basic penetration tests like SQL Injection or Cross-site scripting (XSS). The penetration testing algorithms are further categorized on whether they are reinforcement learning (RL) algorithms or normal algorithms. Some of the approaches are later discussed in the third section of the paper, where they are categorized into penetration testing approaches that use reinforcement learning, the usage of basic penetration testing tools and the other proposed penetration testing tools.","PeriodicalId":269873,"journal":{"name":"2021 7th International Conference on Research and Innovation in Information Systems (ICRIIS)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2021-10-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"A Review: Penetration Testing Approaches on Content Management System (CMS)\",\"authors\":\"Reevan Seelen Jagamogan, Saiful Adli Ismail, N. Hafizah, Hassan Hafiza Abas\",\"doi\":\"10.1109/ICRIIS53035.2021.9617087\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"These days, Content Management Systems (CMS) have been the target for adversaries in the cyber world since they are mostly open-source like Drupal, Joomla and WordPress, where no experts want to address the vulnerabilities due to them having no price tags. This paper aims to review the available and proposed penetration testing approaches and tools used on content management systems (CMS) and tabulate the results in a review matrix. There are 22 articles found regarding the proposed approaches and tools where some of which use machine learning (ML) algorithms. The matrix is categorized based on whether those approaches involve the use of machine learning algorithms or they involve other approaches like using basic penetration tools like Sqlmap and Metasploit to perform basic penetration tests like SQL Injection or Cross-site scripting (XSS). The penetration testing algorithms are further categorized on whether they are reinforcement learning (RL) algorithms or normal algorithms. Some of the approaches are later discussed in the third section of the paper, where they are categorized into penetration testing approaches that use reinforcement learning, the usage of basic penetration testing tools and the other proposed penetration testing tools.\",\"PeriodicalId\":269873,\"journal\":{\"name\":\"2021 7th International Conference on Research and Innovation in Information Systems (ICRIIS)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-10-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 7th International Conference on Research and Innovation in Information Systems (ICRIIS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICRIIS53035.2021.9617087\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 7th International Conference on Research and Innovation in Information Systems (ICRIIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICRIIS53035.2021.9617087","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Review: Penetration Testing Approaches on Content Management System (CMS)
These days, Content Management Systems (CMS) have been the target for adversaries in the cyber world since they are mostly open-source like Drupal, Joomla and WordPress, where no experts want to address the vulnerabilities due to them having no price tags. This paper aims to review the available and proposed penetration testing approaches and tools used on content management systems (CMS) and tabulate the results in a review matrix. There are 22 articles found regarding the proposed approaches and tools where some of which use machine learning (ML) algorithms. The matrix is categorized based on whether those approaches involve the use of machine learning algorithms or they involve other approaches like using basic penetration tools like Sqlmap and Metasploit to perform basic penetration tests like SQL Injection or Cross-site scripting (XSS). The penetration testing algorithms are further categorized on whether they are reinforcement learning (RL) algorithms or normal algorithms. Some of the approaches are later discussed in the third section of the paper, where they are categorized into penetration testing approaches that use reinforcement learning, the usage of basic penetration testing tools and the other proposed penetration testing tools.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
