Zdrojový dokument:40th International Convention on Information and Communication Technology, Electronics and Microelectronics, MIPRO 2017 : proceedings
Název akce40th International Convention on Information and Communication Technology, Electronics and Microelectronics, MIPRO 2017 (22.05.2017 - 26.05.2017, Opatija)
Abstrakt:
The security of modern web applications is becoming increasingly important with their growing usage. As millions of people use these services, the availability, integrity, and confidentiality are critical. This paper describes the process of penetration testing of these applications. The goal of such testing is to detect application flaws and vulnerabilities and to propose a solution to mitigate them. The paper analyses current penetration testing tools and subsequently tests them on a use case web application, build specifically with present security flaws. The process of penetration testing is described in detail and the performance of each tool is evaluated. In the last section, recommended practices to mitigate found flaws are summarized.