在模糊测试环境中自动化渗透测试

IF 1.3 Q4 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE International Journal of Innovative Computing Information and Control Pub Date : 2018-11-21 DOI:10.11113/IJIC.V8N3.180
Lim Kah Seng, N. Ithnin, Syed Zainudeen Mohd Shaid
{"title":"在模糊测试环境中自动化渗透测试","authors":"Lim Kah Seng, N. Ithnin, Syed Zainudeen Mohd Shaid","doi":"10.11113/IJIC.V8N3.180","DOIUrl":null,"url":null,"abstract":"Automated web application penetration testing has emerged as a trend. The computer was assigned the task of penetrating web application security with penetration testing technique. Relevant computer program reduces time, cost, and resources required for assessing a web application security. At the same time, scaling down tester reliance on human knowledge. Web application security scanner is such kind of program that is designed to assess web application security automatically with penetration testing technique. The downside is that computer is not well-formed as human. Consequently, web application security scanner often found generating the false alarms, especially in a testing environment, which web application source codes are unreachable. Thus, in this paper, the state-of-the-art of black box web application security scanner is systematically reviewed, to investigate the approaches for detecting web application vulnerability in an ambiguous testing environment.  This survey is critical in providing insights on how to design efficient algorithms for assessing web application security with penetration testing technique in the ambiguous environment.","PeriodicalId":50314,"journal":{"name":"International Journal of Innovative Computing Information and Control","volume":"53 1","pages":""},"PeriodicalIF":1.3000,"publicationDate":"2018-11-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Automating Penetration Testing Within Ambiguous Testing Environment\",\"authors\":\"Lim Kah Seng, N. Ithnin, Syed Zainudeen Mohd Shaid\",\"doi\":\"10.11113/IJIC.V8N3.180\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Automated web application penetration testing has emerged as a trend. The computer was assigned the task of penetrating web application security with penetration testing technique. Relevant computer program reduces time, cost, and resources required for assessing a web application security. At the same time, scaling down tester reliance on human knowledge. Web application security scanner is such kind of program that is designed to assess web application security automatically with penetration testing technique. The downside is that computer is not well-formed as human. Consequently, web application security scanner often found generating the false alarms, especially in a testing environment, which web application source codes are unreachable. Thus, in this paper, the state-of-the-art of black box web application security scanner is systematically reviewed, to investigate the approaches for detecting web application vulnerability in an ambiguous testing environment.  This survey is critical in providing insights on how to design efficient algorithms for assessing web application security with penetration testing technique in the ambiguous environment.\",\"PeriodicalId\":50314,\"journal\":{\"name\":\"International Journal of Innovative Computing Information and Control\",\"volume\":\"53 1\",\"pages\":\"\"},\"PeriodicalIF\":1.3000,\"publicationDate\":\"2018-11-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Innovative Computing Information and Control\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.11113/IJIC.V8N3.180\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Innovative Computing Information and Control","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.11113/IJIC.V8N3.180","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}
引用次数: 1

摘要

自动化的web应用渗透测试已经成为一种趋势。利用渗透测试技术,给计算机分配了渗透web应用安全的任务。相关的计算机程序减少了评估web应用程序安全性所需的时间、成本和资源。同时,减少测试人员对人类知识的依赖。Web应用程序安全扫描程序是利用渗透测试技术自动评估Web应用程序安全性的一类程序。缺点是计算机不像人类那样构造良好。因此,web应用程序安全扫描器经常发现生成假警报,特别是在web应用程序源代码不可达的测试环境中。因此,本文系统回顾了黑盒web应用安全扫描器的发展现状,探讨了在模糊测试环境下检测web应用漏洞的方法。这项调查对于如何设计有效的算法来评估在模糊环境中使用渗透测试技术的web应用程序安全性提供了重要的见解。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Automating Penetration Testing Within Ambiguous Testing Environment
Automated web application penetration testing has emerged as a trend. The computer was assigned the task of penetrating web application security with penetration testing technique. Relevant computer program reduces time, cost, and resources required for assessing a web application security. At the same time, scaling down tester reliance on human knowledge. Web application security scanner is such kind of program that is designed to assess web application security automatically with penetration testing technique. The downside is that computer is not well-formed as human. Consequently, web application security scanner often found generating the false alarms, especially in a testing environment, which web application source codes are unreachable. Thus, in this paper, the state-of-the-art of black box web application security scanner is systematically reviewed, to investigate the approaches for detecting web application vulnerability in an ambiguous testing environment.  This survey is critical in providing insights on how to design efficient algorithms for assessing web application security with penetration testing technique in the ambiguous environment.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
CiteScore
3.20
自引率
20.00%
发文量
0
审稿时长
4.3 months
期刊介绍: The primary aim of the International Journal of Innovative Computing, Information and Control (IJICIC) is to publish high-quality papers of new developments and trends, novel techniques and approaches, innovative methodologies and technologies on the theory and applications of intelligent systems, information and control. The IJICIC is a peer-reviewed English language journal and is published bimonthly
期刊最新文献
A Robust Image Encryption Scheme Based on Block Compressive Sensing and Wavelet Transform New Proposed Mixed Transforms: CAW and FAW and Their Application in Medical Image Classification A Hybrid Multiwavelet Transform with Grey Wolf Optimization Used for an Efficient Classification of Documents A Useful and Effective Method for Selecting a Smart Controller for SDN Network Design and Implement Fast Dust Sand Image Enhancement Based on Color Correction and New Fuzzy Intensification Operators
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1