Abstract
The purpose of penetration testing is to assess the vulnerabilities present in communication networks and digital devices. Penetration testing analyses the strength of protection techniques in the digital environment. The test is conducted at periodic intervals to analyze risks and controls in order to reach higher security standards. The proposed work discusses the factors and components to consider when preparing a penetration test. Various penetration tests are performed on private networks using different tools on the Kali Linux platform. The types of attack considered for this study are credential harvester, web jacking, and smartphone device penetration, carried out in a secured penetration testing laboratory setup. The tests are performed in detail and assessed against criteria such as successful, partially successful, and failure. Recent studies show how organizations have suffered because of security incidents. Finally, some mitigation strategies are pointed out to counteract these threats and to develop awareness among users.
Declaration
The work is performed in a secure laboratory setup and does not possess any malicious intent.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Barik, K., Konar, K., Banerjee, A., Das, S., Abirami, A. (2022). An Exploration of Attack Patterns and Protection Approaches Using Penetration Testing. In: Hemanth, D.J., Pelusi, D., Vuppalapati, C. (eds) Intelligent Data Communication Technologies and Internet of Things. Lecture Notes on Data Engineering and Communications Technologies, vol 101. Springer, Singapore. https://doi.org/10.1007/978-981-16-7610-9_36
DOI: https://doi.org/10.1007/978-981-16-7610-9_36
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-7609-3
Online ISBN: 978-981-16-7610-9
eBook Packages: Intelligent Technologies and Robotics (R0)