ANALYSIS AND COMPARATIVE STUDIES OF SOFTWARE PENETRATION TESTING METHODS

Джан Ліцзян
Цао Вейлін
Ян Рабчан
Вячеслав Давидов
Наталія Мірошніченко

Abstract

Information security is one of the most important components in any organization. Disclosure of an organization's information can lead not only to material losses but also to the loss of the company's reputation and image, which in some cases can ultimately lead to its complete collapse. To avoid these consequences, it is necessary to analyze the security and reliability of information processing systems. One of the most effective ways to do this is through the use of "penetration testing" methods. Results obtained: the section provides an analysis of software vulnerabilities. The types of attacks and intrusions most frequently used by cyber intruders are highlighted. In contrast to this, a comparative analysis of methods for identifying software vulnerabilities was carried out. It is concluded that it is advisable to improve the methods for identifying vulnerabilities through the combined use of recommendations that take into account the existing security risks of software tools, the features of modern software development methodologies and tools, and the capabilities of modern software penetration testing methods.

Article Details

How to Cite
Ліцзян, Д., Вейлін, Ц., Рабчан, Я., Давидов, В., & Мірошніченко, Н. (2021). ANALYSIS AND COMPARATIVE STUDIES OF SOFTWARE PENETRATION TESTING METHODS. Advanced Information Systems, 5(2), 136–140. https://doi.org/10.20998/2522-9052.2021.2.20
Section
Methods of information systems protection
Author Biographies

Джан Ліцзян, Neijiang Normal University, Neijiang

teacher, College of Computer Science

Цао Вейлін, Neijiang Normal University, Neijiang

teacher, Department of IT information Centre

Ян Рабчан, University of Žilina, Žilina

PhD, Faculty of Management Science and Informatics

Вячеслав Давидов, National Technical University «Kharkiv Polytechnic Institute», Kharkiv

Candidate of Technical Sciences, Associate Professor, Associate Professor of Computer Engineering and Programming Department

Наталія Мірошніченко, National Technical University «Kharkiv Polytechnic Institute», Kharkiv

Candidate of Technical Sciences, Associate Professor of Computer Engineering and Programming Department
