Abstract (English)
The security of web applications can be evaluated in a static or a dynamic manner. One of the common types of dynamic evaluation is the penetration test, in which the tester takes the role of an attacker and attempts to detect security flaws in the web application by simulating attacks. For each of these attacks, a variety of methods and tools have been provided. Some of these tools evaluate the web application automatically and report a set of vulnerabilities, while other tools need a security specialist's interaction to perform a manual penetration test for a particular vulnerability.
In this research, the web application penetration testing methods were first identified. Then, from all the available tools, those that could detect SQL Injection vulnerabilities in sample code written for this purpose were selected. Five open source tools and two commercial tools were investigated. bWAPP and DVWA were selected as the testing environment for this study. SQL Injection, Blind SQL Injection, XSS and file upload vulnerabilities were checked and the results of the tests were compared. False positive and true positive ratios were calculated from the number and type of vulnerabilities each tool reported against the known vulnerabilities of the test set.
The results of this study indicate that IronWASP has the best performance in detecting SQL Injection and Blind SQL Injection vulnerabilities, and that Acunetix has the best performance in detecting XSS and file upload vulnerabilities. OWASP ZAP and Arachni have modest performance. Wapiti and W3af have weaker performance, owing to their lack of complete and proper support for authenticated scans and their non-coverage of several vulnerability types. Finally, a set of methods was introduced for identifying each vulnerability.
Keywords:
Penetration testing, Web Application, Network security, Penetration testing tools, Penetration testing methods