Lim Kah Seng, N. Ithnin, Syed Zainudeen Mohd Shaid
{"title":"在模糊测试环境中自动化渗透测试","authors":"Lim Kah Seng, N. Ithnin, Syed Zainudeen Mohd Shaid","doi":"10.11113/IJIC.V8N3.180","DOIUrl":null,"url":null,"abstract":"Automated web application penetration testing has emerged as a trend. The computer was assigned the task of penetrating web application security with penetration testing technique. Relevant computer program reduces time, cost, and resources required for assessing a web application security. At the same time, scaling down tester reliance on human knowledge. Web application security scanner is such kind of program that is designed to assess web application security automatically with penetration testing technique. The downside is that computer is not well-formed as human. Consequently, web application security scanner often found generating the false alarms, especially in a testing environment, which web application source codes are unreachable. Thus, in this paper, the state-of-the-art of black box web application security scanner is systematically reviewed, to investigate the approaches for detecting web application vulnerability in an ambiguous testing environment. This survey is critical in providing insights on how to design efficient algorithms for assessing web application security with penetration testing technique in the ambiguous environment.","PeriodicalId":50314,"journal":{"name":"International Journal of Innovative Computing Information and Control","volume":"53 1","pages":""},"PeriodicalIF":1.3000,"publicationDate":"2018-11-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Automating Penetration Testing Within Ambiguous Testing Environment\",\"authors\":\"Lim Kah Seng, N. Ithnin, Syed Zainudeen Mohd Shaid\",\"doi\":\"10.11113/IJIC.V8N3.180\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Automated web application penetration testing has emerged as a trend. The computer was assigned the task of penetrating web application security with penetration testing technique. Relevant computer program reduces time, cost, and resources required for assessing a web application security. At the same time, scaling down tester reliance on human knowledge. Web application security scanner is such kind of program that is designed to assess web application security automatically with penetration testing technique. The downside is that computer is not well-formed as human. Consequently, web application security scanner often found generating the false alarms, especially in a testing environment, which web application source codes are unreachable. Thus, in this paper, the state-of-the-art of black box web application security scanner is systematically reviewed, to investigate the approaches for detecting web application vulnerability in an ambiguous testing environment. This survey is critical in providing insights on how to design efficient algorithms for assessing web application security with penetration testing technique in the ambiguous environment.\",\"PeriodicalId\":50314,\"journal\":{\"name\":\"International Journal of Innovative Computing Information and Control\",\"volume\":\"53 1\",\"pages\":\"\"},\"PeriodicalIF\":1.3000,\"publicationDate\":\"2018-11-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Innovative Computing Information and Control\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.11113/IJIC.V8N3.180\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Innovative Computing Information and Control","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.11113/IJIC.V8N3.180","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}
Automating Penetration Testing Within Ambiguous Testing Environment
Automated web application penetration testing has emerged as a trend. The computer was assigned the task of penetrating web application security with penetration testing technique. Relevant computer program reduces time, cost, and resources required for assessing a web application security. At the same time, scaling down tester reliance on human knowledge. Web application security scanner is such kind of program that is designed to assess web application security automatically with penetration testing technique. The downside is that computer is not well-formed as human. Consequently, web application security scanner often found generating the false alarms, especially in a testing environment, which web application source codes are unreachable. Thus, in this paper, the state-of-the-art of black box web application security scanner is systematically reviewed, to investigate the approaches for detecting web application vulnerability in an ambiguous testing environment. This survey is critical in providing insights on how to design efficient algorithms for assessing web application security with penetration testing technique in the ambiguous environment.
期刊介绍:
The primary aim of the International Journal of Innovative Computing, Information and Control (IJICIC) is to publish high-quality papers of new developments and trends, novel techniques and approaches, innovative methodologies and technologies on the theory and applications of intelligent systems, information and control. The IJICIC is a peer-reviewed English language journal and is published bimonthly