Penetration Testing for Web-Applications

Abstract

As per today's scenario, web applications are highly vulnerable due to the sophisti- cated tools and increasing number of hackers across the globe.Security aspects are often ignored during the application development process. There is no open source testing framework available to ensure a vulnerability free testing before deployment of applications. Also logical vulnerabilities are still to be explored. Every company must have a concrete security maintenance of their information systems. But according to survey, most of companies outsource the testing of applications. Due to this,chances of security risks and confidential information leakage are increasing. It is high time for the companies involved in application development that sufficient care is to be taken to ensure that the security related risks and issues are mitigated religiously. Also, the organizations which are scheduling such type of pen-testing as third party must realize that there should be a serious agreement signed by them in which they should declare that testing would be done for ethical purpose only and data leakage risks would not be there. In this project, URL based vulnerability scanner(URL-VS) is implemented. It gives idea about OWASP vulnerabilities and logical vulnerabilities. Analysis of current threats and vulnerabilities and how they occur is also mentioned in this project. This kind of project has several main phases such as information gath- ering, scanning and vulnerabilities identification, exploitation and reporting. Thesis also describes about the different tools used during different phases.