Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 381)

Abstract

The speed and rate at which software is developed worldwide to meet customer requirements are increasing day by day. To meet customers' target-oriented deadlines, software is developed at a fast pace, often missing vital security checks in the process. These checks become crucial when the software is deployed over a network in a client–server architecture, and more significantly in an MVC (Model View Controller) architecture. What, then, is the solution? A possible answer lies in secure system software engineering that incorporates the principles of penetration testing. Penetration testing is one amicable and acceptable solution; it might not be a perfect one, but it is effective. A penetration test is an attack on a system with the intent of finding security loopholes and potentially gaining access to the system, its functionality and its data. In this work, we propose a methodology for implementing penetration testing. We have taken several cryptographic algorithms, such as AES, DES, MD5, and SHA, to demonstrate our unique methodology, which blends cryptographic techniques with software engineering principles.

Acknowledgments

The author(s) wish to extend sincere thanks to the administration of GGSIP University for providing a rich academic and research-oriented environment.

Corresponding author

Correspondence to Sachin Ahuja.

Copyright information

© 2016 Springer India

About this paper

Cite this paper

Ahuja, S., Johari, R., Khokhar, C. (2016). CRiPT: Cryptography in Penetration Testing. In: Satapathy, S., Raju, K., Mandal, J., Bhateja, V. (eds) Proceedings of the Second International Conference on Computer and Communication Technologies. Advances in Intelligent Systems and Computing, vol 381. Springer, New Delhi. https://doi.org/10.1007/978-81-322-2526-3_11

  • DOI: https://doi.org/10.1007/978-81-322-2526-3_11

  • Published:

  • Publisher Name: Springer, New Delhi

  • Print ISBN: 978-81-322-2525-6

  • Online ISBN: 978-81-322-2526-3

  • eBook Packages: Engineering, Engineering (R0)
