Comparison of Vulnerability Assessment and Penetration Testing
Jignesh Doshi and Bhushan Trivedi. Article: Comparison of Vulnerability Assessment and Penetration Testing. International Journal of Applied Information Systems 8(6):51-53, April 2015. BibTeX
@article{key:article, author = "Jignesh Doshi and Bhushan Trivedi", title = "Article: Comparison of Vulnerability Assessment and Penetration Testing", journal = "International Journal of Applied Information Systems", year = 2015, volume = 8, number = 6, pages = "51-53", month = "April", note = "Published by Foundation of Computer Science, New York, USA" }
Abstract
Business using internet has grown drastically in past decade. Attacks on web application have increased. Web application security is a big challenge for any organizations as result of increasing attacks. There exist different approaches to mitigate various security risks are defensive coding, hardening (Firewall), Monitoring and auditing. These solutions found more towards prevention of attacks or of monitoring types of. Vulnerability assessment and Penetration testing are two approaches widely used by organizations to assess web application security. Both solutions are different and complimentary to each other. In this paper comparison of these two approaches are provided. The authors found that penetration testing is better compare to vulnerability assessment as it exploits the vulnerability, while vulnerability assessment is superior in terms of coverage over penetration testing.
Reference
- Vulnerability Assessment and Penetration Testing: http://www.veracode.com/ security/vulnerability-assessment-and-penetration-testing
- John Barchie, Triware Net world Systems, Penetration Testing vs. Vulnerability Scanning: http://www.tns.com/PenTestvsVScan.asp
- Penetration Testing Limits http:// www.praetorian.com/blog/penetration-testing-limits
- Vulnerability Analysis, http://www.pentest-standard.org/index.php/ Vulnerability Analysis
- Open Web Application Security Project, https://www.owasp.org/index.php/Category: Vulnerability
- Penetration Testing: http://searchsoftwarequality .techtarget.com/definition/penetration-testing
- Vulnerability Assessment and Penetration Testing: http://www.aretecon.com/aretesoftwares
- Ankita Gupta, Kavita, Kirandeep Kaur: Vulnerability Assessment and Penetration Testing,
- International Journal of Engineering Trends and Technology- Volume4 Issue3- 2013, ISSN: 2231-5381 Page 328-330
- Konstantinos Xynos, Iain Sutherland, Huw Read, Emlyn Everitt and Andrew J.C. Blyth: PENETRATION TESTING AND VULNERABILITY ASSESSMENTS: A PROFESSIONAL APPROACH, Originally published in the Proceedings of the 1st International Cyber Resilience Conference, Edith Cowan University, Perth Western Australia, 23rd August 2010 available at : http://ro.ecu.edu.au/icr/16
- You Yu, Yuanyuan Yang, Jian Gu, and Liang Shen, Analysis and Suggestions for the Security of Web Applications,, International Conference on Computer Science and Network Technology, 2011, 978-1-4577-1587-7/111, IEEE
- Andrey Petukhov, Dmitry Kozlov, Detecting Security Vulnerabilities in Web Applications Using Dynamic Analysis with Penetration Testing, https://www.owasp.org/images/3/3e/OWASP-AppSecEU08-Petukhov.pdf accessed on 31st January 2015
- Parvin Ami, Ashikali Hasan: Seven Phrase Penetration Testing Model,International Journal of Computer Applications (0975 – 8887),Volume 59– No.5, December 2012
- Aileen G. Bacudio, Xiaohong Yuan, Bei-Tseng Bill Chu, Monique Jones,an overview of penetration testing, International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.6, November 2011 DOI :10.5121/ijnsa.2011.3602
- Jignesh Doshi, Bhushan Trivedi, Assessment of SQL Injection Solution Approaches, International Journal of Advanced Research in Computer Science and Software Engineering, Volume 4, Issue 10, October 2014 ISSN: 2277 128X
- Netcraft, Total Sites Across All Domains August 1995 - April 2010, http://news.netcraft.com.
- Gartner, Press releases, http://www.gartner.com
Keywords
Attack, Vulnerability, Security Risk, VAPT