Comparative analysis of automated scanning and manual penetration testing for enhanced cybersecurity
Rane, Nikhil
Publication Date
2024-05
Rights
© 2024 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Peer-Reviewed
Yes
Open Access status
openAccess
Accepted for publication
2024-04
Abstract
Web platform security has become a significant concern in the current cyber world. Adversaries constantly advance their skills and technologies to bypass modern cyber defence techniques and exploit website vulnerabilities. Finding and mitigating vulnerabilities on a website is essential to avoid damage to the organization. Two key techniques - vulnerability assessment and penetration testing - play a crucial role in identifying and mitigating these weaknesses. While vulnerability assessment scans the platform, revealing potential flaws, penetration testing goes a step further, simulating real-world attack scenarios to assess their true exploitability and possible damage. This paper compares automated scanning and manual penetration testing to evaluate the effectiveness of these techniques in uncovering vulnerabilities. The experimental results confirm that manual penetration testing is more effective than automated testing in terms of accuracy. Additionally, practical studies highlight the importance of a penetration tester's skills and experience in identifying and exploiting security weaknesses. Automated tools may also generate false positive results.
Version
Accepted manuscript
Citation
Rane N and Qureshi A (2024) Comparative analysis of automated scanning and manual penetration testing for enhanced cybersecurity. In: 2024 12th International Symposium on Digital Forensics and Security (ISDFS). 29-30 Apr 2024. San Antonio, Texas, USA.
Type
Article