The Principles of Modern Attacks Analysis for Penetration Tester
Adam Ali.Zare Hudaib
Pages - 22 - 84     |    Revised - 01-03-2015     |    Published - 31-03-2015
Published in International Journal of Computer Science and Security (IJCSS)
Volume - 9   Issue - 2    |    Publication Date - March / April 2015
KEYWORDS
Penetration Testing, DOS Attack, ICMP, IPv6, IPv4, NTP, Honey Pot Systems.
ABSTRACT
Modern cyber defense requires a realistic and thorough understanding of web application security issues. Anyone can learn to sling a few web hacks, but web application penetration testing requires something deeper. This article discusses major web application flaws and their exploitation, along with a field-tested and repeatable process for consistently finding these flaws and conveying them. The principles of modern attacks are analyzed with the aim of creating the most effective penetration tests.
ABSTRACTING & INDEXING
1 Google Scholar 
2 CiteSeerX 
3 refSeek 
4 Scribd 
5 SlideShare 
6 PdfSR 
MANUSCRIPT AUTHORS
Mr. Adam Ali.Zare Hudaib
Licensed Penetration Tester | EC-Council Certified Ethical Hacker | EC-Council Certified Security Analyst | EC-Council Certified Network Analyst | WireShark University Information & Cyber Security Expert CEH, ECSA, LPT, WCNA - Sweden
adamhudaib@gmail.com

