CFP last date
20 January 2025
Reseach Article

A Comparative Study of Pen Testing Tools

by Mayur Turuvekere, Anala A. Pandit
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 179 - Number 50
Year of Publication: 2018
Authors: Mayur Turuvekere, Anala A. Pandit
10.5120/ijca2018917318

Mayur Turuvekere, Anala A. Pandit . A Comparative Study of Pen Testing Tools. International Journal of Computer Applications. 179, 50 ( Jun 2018), 26-30. DOI=10.5120/ijca2018917318

@article{ 10.5120/ijca2018917318,
author = { Mayur Turuvekere, Anala A. Pandit },
title = { A Comparative Study of Pen Testing Tools },
journal = { International Journal of Computer Applications },
issue_date = { Jun 2018 },
volume = { 179 },
number = { 50 },
month = { Jun },
year = { 2018 },
issn = { 0975-8887 },
pages = { 26-30 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume179/number50/29517-2018917318/ },
doi = { 10.5120/ijca2018917318 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T00:58:51.793327+05:30
%A Mayur Turuvekere
%A Anala A. Pandit
%T A Comparative Study of Pen Testing Tools
%J International Journal of Computer Applications
%@ 0975-8887
%V 179
%N 50
%P 26-30
%D 2018
%I Foundation of Computer Science (FCS), NY, USA
Abstract

It is a well-known fact that it is important and vital to the business to ensure data security. A business can have important information about it clients and customers, its vendors and the sales information which when put in wrong hands can be fatal for not only the business organization but also its various stakeholders. A penetration test, also known as a pen test, is a simulated cyberattack against any computer system to check for exploitable vulnerabilities. In the context of web application security, penetration testing makes a web application firewall more reliable and robust. Penetration testing tools are a part of a penetration test (Pen Test) to automate certain tasks, improve testing efficiency and discover issues that might be difficult to find using manual analysis techniques alone. There are various penetration testing tools available in the market that organizations use as per their requirement. This paper focuses on various attacks that are possible on a web application and comparison of various penetration tools to find best tools for penetration testing.

References
  1. Pentesting on Web Applications using Ethical Hacking- Rina Elizabeth Lopez de Jimenez, Escuela de Computacion,Itca-Fepade,Santa Tecla, EI Salvador
  2. Testing Techniques and Analysis of SQL Injection Attacks 2017 - 2nd International Conference on Knowledge Engineering and Applications.
  3. Sqlmap: automatic SQL injection and database takeover tool (2018, May 19). [Online] Available: http://sqlmap.org/
  4. What is SQL Injection & How to Prevent it | Netsparker - (2018, June 5). [Online] Available: https://www.netsparker.com/blog/web-security/sql-injection-vulnerability/
  5. Types of SQL Injection? - (2018, June 5). [Online] Available: https://www.acunetix.com/websitesecurity/sql-injection2/
  6. Stacked Queries - SQL Injection Attacks - (2018, June 5). [Online] Available: http://www.sqlinjection.net/stacked-queries/
  7. XPATH Injection – OWASP (2018, May 19). [Online] Available: https://www.owasp.org/index.php/XPATH_Injection
  8. Cross-site Scripting (XSS) – OWASP (2018, May 19). [Online] Available: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
  9. Denial of Service - OWASP - (2018, June 5). [Online] Available: https://www.owasp.org/index.php/Denial_of_Service
  10. Session hijacking attack - OWASP (2018, May 19). [Online] Available: https://www.owasp.org/index.php/Session_hijacking_attack
  11. Session Prediction – OWASP - (2018, June 5). [Online] Available: https://www.owasp.org/index.php/Session_Prediction
  12. Session hijacking attack – OWASP - (2018, June 5). [Online] Available: https://www.owasp.org/index.php/Session_hijacking_attack
  13. Man-in-the-middle attack - OWASP- (2018, June 5). [Online] Available: https://www.owasp.org/index.php/Man-in-the-middle_attack
  14. Man-in-the-browser attack – OWASP - (2018, June 5). [Online] Available: https://www.owasp.org/index.php/Man-in-the-browser_attack
  15. Heartbleed Bug- OWASP (2018, May 19). [Online] Available: http://heartbleed.com/
  16. Shellshock “Bash Bug” Vulnerability Explained | Netsparker (2018, May 19). [Online] Available: https://www.netsparker.com/blog/web-security/cve-2014-6271-shellshock-bash-vulnerability-scan/
  17. Cross Site Tracing – OWASP - (2018, June 06). [Online] Available: https://www.owasp.org/index.php/Cross_Site_Tracing
  18. What is Local File Inclusion (LFI)? – Acunetix - (2018, June 06). [Online] Available: https://www.acunetix.com/blog/articles/local-file-inclusion-lfi/
  19. Category: Vulnerability Scanning Tools - OWASP (2018, May 19). [Online] Available: https://www.owasp.org/index.php/Category:Vulnerability_Scanning_Tools
  20. Acunetix- (2018, June 4). [Online] Available: https://www.acunetix.com/vulnerabilities/web/
  21. Wapiti - Web Application Vulnerability Scanner v2.3.0 (2018, May 19). [Online] Available: https://www.darknet.org.uk/2015/05/wapiti-web-application-vulnerability-scanner-v2-3-0/
  22. Crawl coverage and vulnerability detection - Arachni - Web Application Security Scanner Framework (2018, May 19). [Online] Available: http://www.arachni-scanner.com/features/framework/crawl-coverage-vulnerability-detection/
  23. Issue Definitions (2018, May 19). [Online] Available: https://portswigger.net/kb/issues
  24. Web Vulnerability & Security Checks | Netsparker (2018, May 19). [Online] Available: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/
  25. Acunetix Vulnerability Scanner: Web Application Security (2018, May 19). [Online] Available: https://www.acunetix.com/vulnerability-scanner/
  26. Highest Crawl & Analysis Rate for HTML5 JavaScript Security - (2018, June 4). [Online] Available: https://www.acunetix.com/vulnerability-scanner/javascript-html5-security/
  27. How Acunetix Compares With Other Web Application Scanners - (2018, June 4). [Online] Available: https://www.acunetix.com/blog/news/acunetix-comparison-web-application-scanners/
  28. Burp Suite Scanner | PortSwigger - (2018, May 19). [Online] Available: https://portswigger.net/burp
Index Terms

Computer Science
Information Sciences

Keywords

Penetration test web scanner SQL injection web vulnerabilities.