Security Assurance through Penetration Testing

Security Assurance through Penetration Testing

연구 분야: Verification

학회: 2022 IEEE 2nd International Conference on Mobile Networks and Wireless Communications (ICMNWC)

Penetration testing is a type of security testing used to determine whether an application is securely built by exploiting the vulnerabilities in a system. The vulnerabilities can be discovered and found in the phases of implementation or operation of a system or application. Most importantly, penetration testing proceeds in a white hat state in which the permission of simulations and attacks are first granted by the system owner. In this paper, a penetration testing demonstration will be carried out along with the tools and technique. Kali Linux will be the system for penetration testing as it fulfilled the requirements of professional penetration testing and security auditing. The penetration test will be performed in a pre-configured private network, virtualized system, and devices with various tools. The aim of the paper will be on a detailed concept of implementation of a penetration test including the area of its impact, general function, and critical analysis. The methodologies of the attacks that performed in this paper included reverse shell exploitation, advance port scanning, and password brute-forcing. Besides, an overview of a penetration test including the phase and its process will be introduced and brought into this demonstration and a detailed description of the attacks was included in the paper.