Title |
Automatinių įrankių svetainės atsparumo įsilaužimui analizė ir įvertinimas / |
Translation of Title |
Analysis and evaluation of automated website penetration testing tools. |
Authors |
Saukaitis, Gedas |
Full Text |
|
Pages |
58 |
Keywords [eng] |
pentesting tools ; security improvement ; automated testing ; website security |
Abstract [eng] |
The research topic was automated website pentesting tools. The aim of the research is a possibility to replace a professional security audit to an automated pentesting scan. As the main purpose of the automated scan is to have a cheaper alternative – all the security related settings were default. Aim of research: to research effectiveness of automated pentesting tools and consider a possibility to replace a proffessional audit. Objectives: 1. Analyze the most popular vulnerabilities 2. Identify a scope of the security issues 3. Possible mitigation options Research method – the research was done by using 6 most popular automated pentesting tools. 3 commercial and 3 open source tools were chosen to conduct the test. In order to evaluate the effectiveness of each tool, vulnerable application was deployed. Web application consisted of vulnerable WordPress content management system core released 2 years ago and 9 popular plugins with public advisories. Research results – the most vulnerabilities were identified by commercial tool Acunetix. The local vulnerability database was the advantage that allowed to identify almost all the vulnerabilities. That was the reason why it was capable to identify security flaws that could not be identified just by browsing the web page. |
Dissertation Institution |
Kauno technologijos universitetas. |
Type |
Master thesis |
Language |
Lithuanian |
Publication date |
2017 |