CFP last date
16 December 2024
Call for Paper
January Edition
IJAIS solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 16 December 2024

Submit your paper
Know more
Reseach Article

Comparison of Vulnerability Assessment and Penetration Testing

by Jignesh Doshi, Bhushan Trivedi
International Journal of Applied Information Systems
Foundation of Computer Science (FCS), NY, USA
Volume 8 - Number 6
Year of Publication: 2015
Authors: Jignesh Doshi, Bhushan Trivedi
10.5120/ijais15-451326

Jignesh Doshi, Bhushan Trivedi . Comparison of Vulnerability Assessment and Penetration Testing. International Journal of Applied Information Systems. 8, 6 ( April 2015), 51-53. DOI=10.5120/ijais15-451326

@article{ 10.5120/ijais15-451326,
author = { Jignesh Doshi, Bhushan Trivedi },
title = { Comparison of Vulnerability Assessment and Penetration Testing },
journal = { International Journal of Applied Information Systems },
issue_date = { April 2015 },
volume = { 8 },
number = { 6 },
month = { April },
year = { 2015 },
issn = { 2249-0868 },
pages = { 51-53 },
numpages = {9},
url = { https://www.ijais.org/archives/volume8/number6/737-1326/ },
doi = { 10.5120/ijais15-451326 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2023-07-05T18:59:16.742457+05:30
%A Jignesh Doshi
%A Bhushan Trivedi
%T Comparison of Vulnerability Assessment and Penetration Testing
%J International Journal of Applied Information Systems
%@ 2249-0868
%V 8
%N 6
%P 51-53
%D 2015
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Business using internet has grown drastically in past decade. Attacks on web application have increased. Web application security is a big challenge for any organizations as result of increasing attacks. There exist different approaches to mitigate various security risks are defensive coding, hardening (Firewall), Monitoring and auditing. These solutions found more towards prevention of attacks or of monitoring types of. Vulnerability assessment and Penetration testing are two approaches widely used by organizations to assess web application security. Both solutions are different and complimentary to each other. In this paper comparison of these two approaches are provided. The authors found that penetration testing is better compare to vulnerability assessment as it exploits the vulnerability, while vulnerability assessment is superior in terms of coverage over penetration testing.

References
  1. Vulnerability Assessment and Penetration Testing: http://www.veracode.com/ security/vulnerability-assessment-and-penetration-testing
  2. John Barchie, Triware Net world Systems, Penetration Testing vs. Vulnerability Scanning: http://www.tns.com/PenTestvsVScan.asp
  3. Penetration Testing Limits http:// www.praetorian.com/blog/penetration-testing-limits
  4. Vulnerability Analysis, http://www.pentest-standard.org/index.php/ Vulnerability Analysis
  5. Open Web Application Security Project, https://www.owasp.org/index.php/Category: Vulnerability
  6. Penetration Testing: http://searchsoftwarequality .techtarget.com/definition/penetration-testing
  7. Vulnerability Assessment and Penetration Testing: http://www.aretecon.com/aretesoftwares
  8. Ankita Gupta, Kavita, Kirandeep Kaur: Vulnerability Assessment and Penetration Testing,
  9. International Journal of Engineering Trends and Technology- Volume4 Issue3- 2013, ISSN: 2231-5381 Page 328-330
  10. Konstantinos Xynos, Iain Sutherland, Huw Read, Emlyn Everitt and Andrew J.C. Blyth: PENETRATION TESTING AND VULNERABILITY ASSESSMENTS: A PROFESSIONAL APPROACH, Originally published in the Proceedings of the 1st International Cyber Resilience Conference, Edith Cowan University, Perth Western Australia, 23rd August 2010 available at : http://ro.ecu.edu.au/icr/16
  11. You Yu, Yuanyuan Yang, Jian Gu, and Liang Shen, Analysis and Suggestions for the Security of Web Applications,, International Conference on Computer Science and Network Technology, 2011, 978-1-4577-1587-7/111, IEEE
  12. Andrey Petukhov, Dmitry Kozlov, Detecting Security Vulnerabilities in Web Applications Using Dynamic Analysis with Penetration Testing, https://www.owasp.org/images/3/3e/OWASP-AppSecEU08-Petukhov.pdf accessed on 31st January 2015
  13. Parvin Ami, Ashikali Hasan: Seven Phrase Penetration Testing Model,International Journal of Computer Applications (0975 – 8887),Volume 59– No.5, December 2012
  14. Aileen G. Bacudio, Xiaohong Yuan, Bei-Tseng Bill Chu, Monique Jones,an overview of penetration testing, International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.6, November 2011 DOI :10.5121/ijnsa.2011.3602
  15. Jignesh Doshi, Bhushan Trivedi, Assessment of SQL Injection Solution Approaches, International Journal of Advanced Research in Computer Science and Software Engineering, Volume 4, Issue 10, October 2014 ISSN: 2277 128X
  16. Netcraft, Total Sites Across All Domains August 1995 - April 2010, http://news.netcraft.com.
  17. Gartner, Press releases, http://www.gartner.com
Index Terms

Computer Science
Information Sciences

Keywords

Attack Vulnerability Security Risk VAPT