Paper Title : Design and Implementation of an Integrated Internal and External Vulnerability Assessment and Penetration Testing Technique
ISSN : 2394-2231
Year of Publication : 2022
DOI : 10.5281/zenodo.7155703
MLA Style: Design and Implementation of an Integrated Internal and External Vulnerability Assessment and Penetration Testing Technique "Saheed K. A, Ogunlere S. O" Volume 9 - Issue 5, International Journal of Computer Techniques (IJCT), ISSN: 2394-2231, www.ijctjournal.org
APA Style: Design and Implementation of an Integrated Internal and External Vulnerability Assessment and Penetration Testing Technique "Saheed K. A, Ogunlere S. O" Volume 9 - Issue 5, International Journal of Computer Techniques (IJCT), ISSN: 2394-2231, www.ijctjournal.org
Abstract
The existence of zero-day vulnerabilities and Advanced Persistent Threats (APTs) makes it critical to explore the internal and external Vulnerability Assessment and Penetration Testing Technique (VAPT), a testing strategy which can identify the most severe cybersecurity flaws and risks. Various VAPT methods have been established, but no model has been designed to integrate the internal and external VAPT testing strategies to mitigate attacks and reduce vulnerabilities. From the findings, there are a total of 10 (ten) vulnerabilities in the application environment: 2 (two) of critical severity, 1 (one) of high severity, 3 (three) of medium severity, and 4 (four) of low severity. These vulnerabilities, which have different risk ratings, were unknown to the vendor or developer of the application, and the findings of this research work are therefore zero-day vulnerabilities. In the final analysis, the practical model design of the hybrid VAPT testing strategy was found to be more efficient and effective in identifying and mitigating the most severe cybersecurity flaws, such as zero-day vulnerabilities, before they are exploited by a malicious hacker, and it thus reduces the risk of holes in the application.
Keywords
Internal VAPT, External VAPT, Application security testing, Risk ratings, Vulnerabilities