A Comprehensive NIDS-Based Strategy for Web Application Penetration Testing

International Journal of Computer Science and Engineering
© 2024 by SSRG - IJCSE Journal
Volume 11 Issue 12
Year of Publication: 2024
Authors: Srujana Manjunath, Shreya Malshetty, D. Jayalakshmi, Chaithra Banger, Y. Sharmasth Vali
Citation: Srujana Manjunath, Shreya Malshetty, D. Jayalakshmi, Chaithra Banger, Y. Sharmasth Vali, "A Comprehensive NIDS-Based Strategy for Web Application Penetration Testing," SSRG International Journal of Computer Science and Engineering, vol. 11, no. 12, pp. 1-6, 2024. Crossref, https://doi.org/10.14445/23488387/IJCSE-V11I12P101
Abstract:
Imagine receiving an email from cybercriminals stating that all your personal information has been compromised: name, date of birth, home address, and finances. They demand money from you in exchange for not leaking your sensitive information. It is a terrifying situation to be in, isn't it? To address this problem, we adopt an NIDS-based approach to web application penetration testing. Web application penetration testing is an ongoing security evaluation that mimics real attacks in order to assess how secure a web application is. Its main objective is to find flaws, configuration errors, or vulnerabilities that malicious users could exploit to compromise the availability, confidentiality, or integrity of a web application. An NIDS is deployed to detect malicious activity at the network level, which complements conventional penetration testing techniques that concentrate on flaws in the software itself. The goal of this research is to improve the identification of security vulnerabilities at both the network and application levels by combining traditional web application penetration testing with Network Intrusion Detection Systems (NIDS).
Keywords:
Intrusion Detection, Network Intrusion Detection, Penetration Testing, Vulnerability Assessment, Web Application Security.