Comparative analysis of automated scanning and manual penetration testing for enhanced cybersecurity
Publication date
2024-05
Rights
© 2024 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Peer-Reviewed
Yes
Open Access status
openAccess
Accepted for publication
2024-04
Abstract
Web platform security has become a significant concern in the current cyber world. Adversaries constantly advance their skills and technologies to bypass modern cyber defence techniques to lure website vulnerabilities. In the cyber world, finding and mitigating vulnerabilities on the website is essential to avoid any damage to the organization. Two key techniques - vulnerability assessment and penetration testing - play a crucial role in identifying and mitigating these weaknesses. While vulnerability assessment scans the platform, revealing potential flaws, penetration testing goes a step further, simulating real-world attack scenarios to assess their true exploitability and possible damage. This paper compares automated scanning and manual penetration testing to evaluate the effectiveness of these techniques in uncovering vulnerabilities. The experimental results confirm that manual penetration testing is more effective than automated testing in terms of accuracy. Additionally, practical studies highlight the importance of a penetration tester's skills and experience in identifying and exploiting security weaknesses. Automated tools may also generate false positive results.
Version
Accepted manuscript
Citation
Rane N and Qureshi A (2024) Comparative analysis of automated scanning and manual penetration testing for enhanced cybersecurity. In: 2024 12th International Symposium on Digital Forensics and Security (ISDFS). 29-30 Apr 2024. San Antonio, Texas, USA.
Link to Version of Record
https://doi.org/10.1109/ISDFS60797.2024.10527240
Type
Article