基于云的Web应用的渗透测试

WSEAS TRANSACTIONS ON COMPUTERS Pub Date : 2023-08-29 DOI:10.37394/23205.2023.22.13

R. Al-Khannak, Sajjan Singh Nehal

{"title":"基于云的Web应用的渗透测试","authors":"R. Al-Khannak, Sajjan Singh Nehal","doi":"10.37394/23205.2023.22.13","DOIUrl":null,"url":null,"abstract":"This paper discusses methods, tools, approaches, and techniques used for the penetration testing on the cloud-based web application on Amazon AWS platform. The findings of a penetration test could be used to fix weaknesses and vulnerabilities, and significantly improve security. The testing is implemented by undertaking a malicious attack aiming to breach system networks and thereby confirm the presence of cloud infrastructure. The research focuses on cloud-based web applications' high-risk vulnerabilities such as unrestricted file upload, command injection, and cross-site scripting. The outcomes expose and approved some vulnerabilities, flaws, and mistakes in the utilised cloud based web application. It is concluded that some vulnerabilities haveto be considered before architecting the cloud system. Recommendations are proposing solutions to testing results.","PeriodicalId":332148,"journal":{"name":"WSEAS TRANSACTIONS ON COMPUTERS","volume":"21 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Penetration Testing for the Cloud-Based Web Application\",\"authors\":\"R. Al-Khannak, Sajjan Singh Nehal\",\"doi\":\"10.37394/23205.2023.22.13\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper discusses methods, tools, approaches, and techniques used for the penetration testing on the cloud-based web application on Amazon AWS platform. The findings of a penetration test could be used to fix weaknesses and vulnerabilities, and significantly improve security. The testing is implemented by undertaking a malicious attack aiming to breach system networks and thereby confirm the presence of cloud infrastructure. The research focuses on cloud-based web applications' high-risk vulnerabilities such as unrestricted file upload, command injection, and cross-site scripting. The outcomes expose and approved some vulnerabilities, flaws, and mistakes in the utilised cloud based web application. It is concluded that some vulnerabilities haveto be considered before architecting the cloud system. Recommendations are proposing solutions to testing results.\",\"PeriodicalId\":332148,\"journal\":{\"name\":\"WSEAS TRANSACTIONS ON COMPUTERS\",\"volume\":\"21 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-08-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"WSEAS TRANSACTIONS ON COMPUTERS\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.37394/23205.2023.22.13\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"WSEAS TRANSACTIONS ON COMPUTERS","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.37394/23205.2023.22.13","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

本文讨论了在Amazon AWS平台上对基于云的web应用程序进行渗透测试所使用的方法、工具、方法和技术。渗透测试的结果可用于修复弱点和漏洞，并显著提高安全性。测试是通过进行恶意攻击来实现的，目的是破坏系统网络，从而确认云基础设施的存在。该研究的重点是基于云的web应用程序的高风险漏洞，如无限制的文件上传、命令注入和跨站点脚本。结果暴露并认可了所使用的基于云的web应用程序中的一些漏洞、缺陷和错误。结论是，在构建云系统之前必须考虑一些漏洞。建议是针对测试结果提出解决办法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Penetration Testing for the Cloud-Based Web Application

This paper discusses methods, tools, approaches, and techniques used for the penetration testing on the cloud-based web application on Amazon AWS platform. The findings of a penetration test could be used to fix weaknesses and vulnerabilities, and significantly improve security. The testing is implemented by undertaking a malicious attack aiming to breach system networks and thereby confirm the presence of cloud infrastructure. The research focuses on cloud-based web applications' high-risk vulnerabilities such as unrestricted file upload, command injection, and cross-site scripting. The outcomes expose and approved some vulnerabilities, flaws, and mistakes in the utilised cloud based web application. It is concluded that some vulnerabilities haveto be considered before architecting the cloud system. Recommendations are proposing solutions to testing results.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

WSEAS TRANSACTIONS ON COMPUTERS

自引率

0.00%

发文量