
Furthermore, a set of rules was developed to analyze the responses in order to reduce false positives and negatives. The soapUI vulnerability scanner was used to emulate these attacks and insert malicious scripts into the requests of the web services tested. Taking a black-box approach, this research uses penetration testing to emulate a series of attacks, such as Cross-site Scripting (XSS), Fuzzing Scan, Invalid Types, Malformed XML, SQL Injection, XPath Injection and XML Bomb. The difficulty of detecting vulnerabilities before they are exploited encourages developers to use security testing, such as penetration testing, to reduce potential attacks.

These benefits involve a number of security challenges, such as injection attacks, phishing, Denial-of-Service (DoS) attacks, and so on. This technology was specifically designed to easily pass SOAP messages through firewalls using open ports. Web services work over dynamic connections among distributed systems. In the tests we performed, VinJect was found to be more efficient, completing the vulnerability scans in a much shorter time. With user-friendly interfaces, it also aims to remove the bad user experience (UX) of these command-line applications. Our proposed application uses the services of the Wapiti and SQLmap applications in the background. The primary goal of this application is to detect vulnerable locations in a shorter time by running in a multi-threaded structure.

This article describes the architecture of the software named VinJect, which was developed for efficient penetration testing and vulnerability scanning.


In this era, where quality assurance and testing organizations are becoming increasingly widespread, the effectiveness of the tools and methods used is critical. The sustainability of commercial systems is ensured through regular vulnerability scans. Penetration testing plays an important role in the development of secure software products and electronic systems.
