Penetration Testing Analysis with Standardized Report Generation
- DOI
- 10.2991/ahis.k.210913.045
- Keywords
- Penetration testing, Penetration testing report, Automated testing, Web application security
- Abstract
Penetration testing is a mirrored cyber-attack defined for identifying vulnerabilities and flaws in a computer system, network, or web application; the organization appoints experts to conduct the test and present the details for deeper interpretation. One of the critical components of securing the network is to perform penetration tests of the network and web applications. In this paper, the industry-known OWASP (Open Web Application Security Project) vulnerability tool and three vulnerable web applications in a lab setup are explored and presented with a detailed analysis. Further, three penetration test reports are selected, and comprehensive analysis and reports are generated from the proposed setup. From this observation, it is understood that penetration testing reports lack a standardized format. Therefore, this paper presents a format that will cater to the understanding of domain knowledge experts, decision-making bodies, and board members of the top executives of an organization for making further decisions on improving the robustness of their network and web applications.
- Copyright
- © 2021, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF
AU - Kousik Barik
AU - A Abirami
AU - Saptarshi Das
AU - Karabi Konar
AU - Archita Banerjee
PY - 2021
DA - 2021/09/13
TI - Penetration Testing Analysis with Standardized Report Generation
BT - Proceedings of the 3rd International Conference on Integrated Intelligent Computing Communication & Security (ICIIC 2021)
PB - Atlantis Press
SP - 365
EP - 372
SN - 2589-4900
UR - https://doi.org/10.2991/ahis.k.210913.045
DO - 10.2991/ahis.k.210913.045
ID - Barik2021
ER -