Web App Penetration Testing Method: A Review

Web App Penetration Testing Method: A Review

연구 분야: Strategies

학회: 2024 International Conference on Information Technology Systems and Innovation (ICITSI)

The increasing reliance on web applications in modern businesses has brought both opportunities and heightened risks of cyberattacks. Penetration testing (pen-testing) has emerged as a proactive action to find vulnerabilities, thereby safeguarding web applications from exploitation. This review examines various pen-testing methodologies, pen-testing tools, and vulnerabilities. It particularly highlights the integration of machine learning in pen-testing, a promising development that enhances testing efficiency. The use of benchmarking tools and the evaluation of standard environments are also discussed. Seven key research questions guide the analysis, including methodologies, algorithms, tools, environments, and tested vulnerabilities.