ANALYSIS AND COMPARATIVE STUDIES OF SOFTWARE PENETRATION TESTING METHODS
Main Article Content
Abstract
Information security is one of the most important components in any organization. The disclosure of this information can lead not only to material losses, but also to the loss of the reputation and image of the company, which ultimately, in some cases, can lead to its complete collapse. Therefore, in order to avoid these consequences, it is necessary to analyze the security and reliability of information processing systems. One of the most effective ways to do this is through the use of "penetration testing" methods. The results obtained. The section provides software vulnerabilities analysis. The most frequently used types of attacks and intrusions by cyber intruders are highlighted. In contrast to this, methods comparative analysis for identifying software vulnerabilities was carried out. It is concluded that it is advisable to improve the methods for identifying vulnerabilities through the recommendations complex use taking into account the existing security risks of software tools, the features of modern methodologies and software development tools, as well as the modern software penetration testing methods capabilities.
Article Details
References
(2020), Edgescan’s 2020 Vulnerability Stats Report Released, available at: https://www.edgescan.com/edgescans-2020-vulnerability-stats-report-released/
Kostadinov, Dimitar (2016), Introduction: Intelligence Gathering & Its Relationship to the Penetration Testing Process available at: https://resources.infosecinstitute.com/penetration-testing-intelligence-gathering/
Nickerson, С. (2012), The Penetration Testing Execution Standard, available at: http://www.pentest-standard.org/index.php/ PTES_Technical_Guidelines
Scarfonem К., Souppayam М., Codym А. and Orebaugh, А. (2012), NIST Special Publications 800-115 Technical Guide to Information Security Testing and Assessment, USA, Gaithersburg, 80 p., available at: http://csrc.nist.gov/publications/ nistpubs/800-41-Rev1/sp800-41-rev1.pdf
(2012), Study A Penetration Tesing Model, Germany, Bonn, 111 р., available at: https://www.bsi.bund.de/SharedDocs/ Downloads/EN/BSI/Publications/Studies/Penetration/penetration_pdf.pdf?__blob=publicationFile
(2018), The Open Source Security Testing Methodology Manual, available at: http://www.isecom.org/mirror/OSSTMM.3.pdf.
Vacca, John R. (2017), Computer and Information Security Handbook Elsevier, 1280 p.
(2018), XPathinjection, available at: URL:https://portswigger.net/kb/issues/00100600_xpath-injection.