
2016 | OriginalPaper | Chapter

CRiPT: Cryptography in Penetration Testing

Authors: Sachin Ahuja, Rahul Johari, Chetna Khokhar

Published in: Proceedings of the Second International Conference on Computer and Communication Technologies

Publisher: Springer India


Abstract

The speed at which software is developed worldwide to meet customer requirements is increasing day by day. To meet customers' target-oriented deadlines, software is developed at a fast pace, often missing vital security checks in the process. These checks become crucial when the software is deployed over a network in a client–server architecture, and more significantly in an MVC (Model View Controller) architecture. What, then, is the solution? A possible answer lies in secure system software engineering that incorporates the principles of penetration testing. Penetration testing is one of the amicable and acceptable solutions. It might not be a perfect one, but it is effective. A penetration test is an attack on the system with the intent of finding security loopholes and potentially gaining access to it, its functionality and data. In this work, we have proposed a methodology for implementing penetration testing. We have taken several cryptographic algorithms, such as AES, DES, MD5, and SHA, to demonstrate our unique methodology, which blends cryptographic techniques with software engineering principles.


DOI
https://doi.org/10.1007/978-81-322-2526-3_11