SlideShare a Scribd company logo

Vulnerability Management System

IRJET Journal
IRJET Journal

This document describes a proposed vulnerability management system (VMS) that aims to automate the process of scanning software applications to identify vulnerabilities. The proposed system uses a hybrid algorithm approach that incorporates features from existing vulnerability detection tools and algorithms. The algorithm involves five main phases: inspection, scanning, attack detection, analysis, and reporting. The algorithm is intended to increase the accuracy of vulnerability detection compared to existing systems. The proposed VMS system and hybrid algorithm were tested using various vulnerability scanning tools on virtual machines, and results demonstrated that the VMS could automate the vulnerability assessment process and generate reports on detected vulnerabilities with severity levels. The main limitation is that scans using the VMS may take more time than some existing tools.

1 of 6
Download to read offline
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 09 Issue: 09 | Sep 2022 www.irjet.net p-ISSN: 2395-0072 © 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 976 Vulnerability Management System Pravin P. Kharat1, Prof. Pramila M. Chawan2 1M. Tech Student, Dept of Computer Engineering and IT, VJTI College, Mumbai, Maharashtra, India 2Associate Professor, Dept of Computer Engineering and IT, VJTI College, Mumbai, Maharashtra, India ---------------------------------------------------------------------***--------------------------------------------------------------------- Abstract - In simple terms, a vulnerability in cyber security refers to any fault or flaw, or weakness in an information system, internal controls, or system processes of an organization. It can also be defined as a flaw or a fault in the source code design which determines the application malfunctions. Therefore, a good Vulnerability Management plan should be implemented to avoid attacks on the system or to minimize the damages produced by a cyberattack.Toavoid such damages manual source code inspections or security audits are performed, which requires highly trained cyber security engineers, and it requiresmoretime, which isproneto errors. For this reason, there is a need to automate such processes to discover vulnerabilities. This results in the implementation of the Vulnerability Management System, which will automate security testing for the identification of vulnerabilities caused in the software products. Key Words: Vulnerability, Vulnerability Management System, Algorithm, Software testing, Web based application. 1. INTRODUCTION Many organizations have embraced the technologiessuchas software applications, web applications, software products, and many more to explore their new business opportunities and few organizations are beingforcedtoadopte-commerce due to advancementsinsoftwaretechnologies,customers,or competitors. Software applications and web applications have been gaining popularity day by day, and these applications come up with different components which are highly complex and written bydifferentsoftwaredevelopers in different smaller chunks. Most of these applications failto give proper output due to untreated cases or flaws. Therefore, the software application or Operating system which contains untreated cases, flaws, or weaknesses are known as software vulnerabilities. Later, the flaws in the source code of the application can be exemplifiedasanentry point for the hacker and can be treated as a software vulnerability. Despite all the security measures, the number of vulnerabilities discovered continues to grow as the number of users using the internet has increased. Any device which contains software functions can tend to have source code errors, logical errors, and flaws. Thus, the existence of detection techniquesismandatoryforsoftwarevulnerability remediation as well as prevention. To avoid such situations manual testing, security audits, or code inspections are to be performed by highly skilled cyber security engineers or experts. But as it is labour intensive and expensive and prone to errors; automating the above steps to discover respective vulnerabilities for the software applications is required. 1.1 Software Vulnerabilities An error or a flaw or a weakness of the application's source code that an attacker or a hacker can take advantage of is known as software vulnerability. These errors tend to make the system function abnormally and undesirable actions. These flaws or errors in code may arise due to the lack of knowledge of the developer or programmer who is developing the software application. These flawsmayleadto system crashes, loss of data, reputational damage, major damage to the targeted system, loss of customers, personal data being exposed, etc. 1.2 Types of Vulnerabilities The common security goals i.e., confidentiality, availability, integrity, non-repudiation, and usability, can be affected by the software vulnerabilities. Following listed below are cyberattacks associated with software vulnerabilities: Phishing: Phishing is a cyberattack that attempts to steal sensitive information.Thissensitiveinformationcanbelogin credentials and credit card details. This attack can also be a form of social engineering where an attackertriestomislead the user into clicking a maliciouslink created bytheattacker, downloading some malicious attachments, or revealing sensitive data. DDoS Attacks: Distributed denial of service attack is an attempt to spoil an online service or a website or a server or network by making it unavailable by sending many access requests that it cannot manage. Computer Viruses: Computer code or a program that modifies the way a computer behaves is known as Viruses. They are meant to spread through contaminated data, files, and insecure networks. And once it enters the system, it can replicate and spread from one programtoanotherandinfect other computer systems also.
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 09 Issue: 09 | Sep 2022 www.irjet.net p-ISSN: 2395-0072 © 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 977 Attack Vectors: Attack vector is a malicious term used to discover system vulnerability points, launchcyberattacksor install malicious software. Following are the four important attack vectors: Drive-by, Zero-day attack, MITM (man in the middle), SQL Injection. Vulnerability Management System is not only intended to identify and evaluate vulnerability, but it will alsogeneratea detail report which will report of the vulnerability point found in the software application which will be tested. 2. LITERATURE REVIEW In thissection summarization oftheexistingresearchworkis done. A new vulnerable management system will be created based on the existing work with additional functionality. Mădălina Aldea.[1] The author in this paper has introduceda new vulnerability management system i.e., SV – IMS – Software Vulnerability Integrated Management System.This system can perform security tests to detect software vulnerabilities and the result of this test can be viewed upon a dedicated platform. It also gives defines the CVSS i.e., Common Vulnerability Scoring System, which is an international scoring system that describes how severe a vulnerability is. Robert A. Martin.[2] The author in this research paper describes Common Vulnerability Exposure (CVE) and Open Vulnerability Assessment Language (OVAL) which are a pair of international, community-based efforts amongstindustry, government, and academia. Where CVE is aimed to create a means for making vulnerability alerts more applicable to individual enterprises and OVAL is aimed to provide the means for standardized vulnerability assessment and result in uniform and standardized information assurance parameters for systems. GeonLyang Kim.[3] The author of this research paper has introduced a new method for constructing and managing Vulnerabilities by creating a vulnerability database. In this research work,a new National VulnerabilityDatabase(NDV) system is created which can be used by various enterprises. While referring a new vulnerability found can also be registered in the NVD system. Manoj Kumar.[4] In this author proposed a framework that uses a knowledge base and inference engine. Using this the vulnerability management automatically takes required actions, classifies, prioritizes,and mitigatesthevulnerability. The proposed system reduces the threats, security risks,and reputational and Monterey loss. Chee-Wooi Ten.[5] This Author has proposed a Vulnerability assessment framework that evaluatesthevulnerabilityofthe SCADA system. This is done at three levels – System, Scenarios, and access points. This framework is based on the system which has firewall and password models. This proposed framework also evaluates the impact of the attack launched and countermeasures are identified for improvement of cyber security. Jan-Min Chen.[6] In this paper, the author has implemented an automated vulnerability scanner that identifies the injection attack vulnerabilities. This system automatically examines the website to find the XSS and SQL injection vulnerabilities. The proposed system also uses NVD i.e., National Vulnerability Database. Andrey Fedorchenko.[7] In this research paper, the author has proposed the process of integrating a vulnerability database system. Thisintegrateddatabasecanbeusedforthe further application of security systems. In this paper, the structureof the vulnerabilities databaseissuggested,andthe process of vulnerabilities database generation is suggested. 3. PROPOSED SYSTEM 3.1 Problem Statement To developa VulnerabilityManagement System(VMS)which will detect vulnerability using source code and Binary code analysis of the software product and also analyze the intensity of the vulnerability found. 3.2 Proposed Methodology A hybrid algorithm is developed which automates the process of scanning software applications. The majorgoal of the proposed algorithm is to automate and increase the accuracy of vulnerability detection. Although theaccuracyis not achieved at 100% but an effort is made to put up the proposed system above the existing systems. The proposed hybrid algorithm is similar to the existing algorithms. The OWASP results are considered with the output for better reasoning andunderstanding.OWASPresultsareupdatedon the regular basis to avoid any inconvenience. The proposed system’s hybrid algorithm is mainly based on the concept of combining different features which are of different components. This will result in the new algorithm which will give more impactful results on the respective scans. Therefore, the combination of such features from different components has been done based on optimization and sophistication among other componentswiththegoal of increasing the accuracy or efficiency ofthehybridalgorithm. The Hybrid algorithm mainly consists of five phases i.e., Inspection, Scanning, Attack Detection, Analysis, and Reporting. The inspection which can also be called crawling, mainly focuses on fetching information about the application. The more informationgatheredinthisphasethe more successful the entire executed scan will be.Afterphase 1, phase 2 consists of scanning. Scanning is the process in which the algorithm will identify the weaknessofthesystem on which the scan is been initiated. Once the scanning
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 09 Issue: 09 | Sep 2022 www.irjet.net p-ISSN: 2395-0072 © 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 978 process is completed, the next step will be to identify the attacks or vulnerabilities and perform an analysistoidentify the vulnerability definition and remediation methods. Later Reporting phase is initiated to generate a well informative report for the scan which was performed. Fig -1: Component of VMS A detailed description of the flow for the developed Hybrid algorithm: Fig -2: Flowchart for VMS The initial stage accordingtothephasediagramisinspection which can be called as requirementorinformationgathering stage. After phase 1, the next process involves mainly crawling and parsing, and identifying new vulnerabilities. Phase 2 is repeated until all the vulnerabilities of the applications are not discovered. A further step includes analysis of the vulnerabilities found to identify proper definitions according to the OWASP and getting proper remediation for the same. Further, this analysis is summarized, and the final report is generated as an end result. Input: Input is mainly provided by the user who is going to initiate the scanning. This input can be an IP address or the URL for the application which needs to be scanned by the VMS. Processing: This step mainly involves fuzzing, crawling the pages, and identifyingthe weakness,andlatervulnerabilities are identified based on the weaknesses identified. Output: Output will be generated after the proper analysis process is done. Fig -3: Flowchart for XSS
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 09 Issue: 09 | Sep 2022 www.irjet.net p-ISSN: 2395-0072 © 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 979 Many different scanning methodsareusedinVMSalgorithm, considering one following method is used for Cross Site Scripting: 1. For each URL in the list of the visited URLs a) Identify all parameters b) Push the parameters in the list. c) For each of the parameter in the list i) give input as a XSS test case or script to the parameter and pass the request. ii) verify the respective response 2. Report the Vulnerability 3.3 Tools These experiments or practical were performed by running different methods/tool with its respective scripts. These methods were installedand executedonVirtual machine and have the similar configurations and resources. 1. Nmap: For probing computer networks, Nmap offers several functions, including host discovery, service detection, and operating system detection. Scripts that offer more sophisticated service discovery, vulnerability detection, and other features can extend these features. During a scan, Nmap can adjust to changing network conditions, such as latency and congestion. 2. Dirbuster: DirBuster is an application with a GUI interfacedeveloped in Java. It is used to find concealed files and directories by brute-forcing files & directorieswiththeaimofgainingsome significant information that could help in cyber-attacks. A wordlist could influence how effective such a tool is; the more effective the wordlist, the more effective the instrument. 3. Xsser: Cross-Site "Scripter" (also known as XSSer) is an automatic framework for finding, using andreporting XSSflawsinweb- based applications. There are numerous ways to attempt to get around particular filters, as well as numerous unique code injection strategies. 4. Dnswalk: A DNS (Domain Name System) debugger is called Dnswalk. Dnswalk carries out zone transfers for specified domains and executes precise database integritychecksina variety of ways. 5. whois: A query and response protocol i.e., WHOIS, which is pronounced "who is," is frequently used for accessing databases that list the registered users or assignees of Internet resources like domain names, blocks of IP addresses, and autonomous systems. On most UNIX systems, the command-line utility used to do WHOIS protocol searches is called whois. Additionally, Referral Whois is a sibling protocol of WHOIS (RWhois). 6. Nikto: Nikto is a free command-line vulnerabilityscannerthatlooks for unsafe files/CGIs, out-of-date server software, and other issues on web servers. Checks are run on both generic and server-specific levels. Any cookies that are received are also recorded and printed. The data files used by Nikto to runthe program are not free software, but the Nikto code itself is. Nikto can identify more than 6700 potentially harmful files and CGIs, as well as version-specific issuesonmorethan270 servers and obsolete versions on more than 1250 servers. Nikto can also identify installed web servers and software and checks for server configuration elements. 7. Dnsmap: Dnsmap uses an internal or external wordlist to search a domain for common subdomains (if specified using -w option). There are about 1000 words in both English and Spanish on the internal wordlist, including ns1, firewall services, and smtp. Therefore, an automatic search for smtp.example.com within example.comwill beavailable.For additional processing, results can be saved in CSV and human-readable formats. Dnsmap should not be executed with root privileges for security reasons because it does not need them to function. 9. Uniscan: An open-source program called Uniscan can check web applications for serious flaws including cross-site scripting, blind SQL injection, remote file inclusion, web shell vulnerabilities, and hidden backdoors, among others. In addition to assessing vulnerabilities, Uniscan has the ability to search Google and Bing for domains using shared IP addresses. 3.4 Resources required for the VMS tool Operating System: Kali Linux or Ubuntu OS or System configured with Virtual Machine with same OS. The system and virtual machines specifications are as - processor, 2.6 GHZ Core i5, 2 GB RAM, 100 GB HDD and OS as above mentioned.
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 09 Issue: 09 | Sep 2022 www.irjet.net p-ISSN: 2395-0072 © 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 980 4. RESULTS AND DISCUSSION Fig -4: Screenshot for web app of VMS tool Fig -5: Screenshot of VMS URL input Fig -6: Screenshot of VMS tool output Vulnerability Management System generated better and faster results overall. It can automate the VA and PT process till particular instance. Also, it is able to identify the present vulnerabilities and specific remediation based on the vulnerability found and generate report with severity levels accordingly. The sole disadvantage is that, according to reports, it takes more time to scan than the majority of the web scanners utilized in this study. Although its performance is not perfect, compared to other tools, it has a larger capacity to detect more flaws. 5. CONCLUSION & RECOMMENDATIONS 5.1 Conclusion The proposed Vulnerability Management System based on the hybrid algorithm extensively work to identify vulnerabilities basedonsoftware-basedapplications.Testing of such applicationsisdoneforsafeguardingit.Thesuggested hybrid method presents additional vulnerabilities and does so in a professional manner when reporting those that have been found. However, because not all of the current vulnerabilities were completely scanned by the suggested hybrid approach. To make sure that "deep" crawling was carried out, thealgorithm'scrawlingcomponentneededtobe increased. The resultsalsoindicatethattheproposedmethod needs to be improved in order to complete the scanning quickly. To create an algorithm with the ability to identify more vulnerabilities, more study and research is required. 5.2 Recommendations i) Improve crawling capabilities: The proposed hybrid algorithm requires more methods and functions for crawling mechanisms so that VMS will be able to scan all the contents of any URL or a web application, without skipping any content of the webpage. ii) Improve Analysis and Reporting: VMS algorithms need to improve the accuracy so that the identified vulnerability can be stated with the severity level. To obtain high-end accuracy more sophisticated methods must be used during the scanning processwhichwill require more research and practical implementation of the algorithm. VMS system can be upgraded for analysis and reporting in such a way that the vulnerabilities can be visualized and can be shown in a representablemannerwith the severity levels. iii) Reducing scanning time: There need to be proper results which is generated in short time frame with better accuracy and reporting. It needs to improve overall scanning method using more scripts and identification of more vulnerabilities. REFERENCES [1] Mădălina Aldea, Daniel Gheorghică, Victor Croitoru, “Software Vulnerabilities Integrated Management System”, 2020 13th International Conference on Communications (COMM), IEEE, 2020: pp. 97 - 102, doi: 10.1109/COMM48946.2020.9141970 [2] Robert A. Martin, “IntegratingYourInformationSecurity Vulnerability Management Capabilities Through Industry Standards (CVE & OVAL)”, 2003 IEEE International Conference on Systems, Man and Cybernetics. Conference Theme - System Security and Assurance, pp. 1528 – 1533), doi: 10.1109/ICSMC.2003.1244628 [3] GeonLyang Kim, JinTae Oh, DongI Seo, JeongNyeo Kim, “The Design of Vulnerability Management System”, IJCSNS International Journal of Computer Science and Network Security, VOL.13 No.4, April 2013: pp. 19 – 24 [4] Manoj Kumar, Arun Sharma, “An integrated framework for software vulnerability detection, analysis and mitigation: an autonomic system”, Indian Academy of Sciences Sadhana Vol. 42, No. 9, September 2017, pp. 1481–1493, doi: 10.1007/s12046-017-0696-7
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 09 Issue: 09 | Sep 2022 www.irjet.net p-ISSN: 2395-0072 © 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 981 1’st Author Photo [5] Chee-Wooi Ten, Chen-Ching Liu, Govindarasu Manimaran, “Vulnerability AssessmentofCybersecurity for SCADA Systems”, IEEE Transactions on Power Systems, Vol. 23, no. 4, November 2008, pp. 1836-1846, doi: 10.1109/TPWRS.2008.2002298 [6] Jan-Min Chen, Chia-Lun Wu, “An automated vulnerability scanner for injection attack based on injection point”, 2010 International Computer Symposium (ICS2010), 16-18 Dec. 2010, pp. 113 – 118, doi: 10.1109/COMPSYM.2010.5685537 [7] Andrey Fedorchenko, Igor Kotenko, Andrey Chechulin, “Design of Integrated Vulnerabilities Database for Computer Networks Security Analysis”, 2015 23rd Euromicro International Conference on Parallel, Distributed, and Network-Based Processing, 4-6 March 2015, pp. 559-566, doi: 10.1109/PDP.2015.38 [8] Armold; Hyla, Rowe, “Automatically Building an Information-Security Vulnerability Database”, 2006 IEEE Information Assurance Workshop”, 21-23 June 2006, pp. 376-377, doi: 10.1109/IAW.2006.1652119 [9] Ching-Huang Lin, Chih-Hao Chen, Chi-Sung Laih, “A Study and Implementation of Vulnerability Assessment and Misconfiguration Detection”,2008IEEEAsia-Pacific Services Computing Conference, 9-12 Dec. 2008, pp. 1252-1257, doi: 10.1109/APSCC.2008.212 [10] Yu, Y., Yang, Y., Gu, J., & Shen, L. (2011). Analysis and suggestions for the security of web applications. In Computer Science and Network Technology (ICCSNT), 2011 International Conference on, Vol. 1, pp. 236-240 [11] Pravin Kharat, Pramila Chawan, “Vulnerability Management System”, 2021 International Research Journal of Engineering and Technology (IRJET), 25-28 Nov 2021 BIOGRAPHIES Pravin P. Kharat M Tech. Dept. of Computer Engineering – NIMS, VJTI, Mumbai Prof. Pramila M. Chawan, is working as an Associate Professor in the Computer Engineering Department of VJTI, Mumbai. She has done her B.E. (Computer Engineering) and M.E. (Computer Engineering) from VJTI College of Engineering, Mumbai University. She has 28 years of teaching experienceandhasguided 85+ M. Tech. projects and 130+ B. Tech. projects. She has published 143 papers in the International Journals, 20 papers in the National/International Conferences/ Symposiums. She has worked as an Organizing Committee member for 25 International Conferences and 5 ICTE/MHRD sponsored Workshops/STTPs/FDPs. She has participated in 16 National/International Conferences. Worked as Consulting Editor on – JEECER, JETR, JETMS, Technology Today, JAM&AER Engg. Today, The Tech. World Editor – Journals of ADR Reviewer -IJEF, Inters cience She has worked as NBA Coordinator of the Computer Engineering Department of VJTI for 5 years. She had written a proposal under TEQIP-I in June2004 for ‘Creating Central Computing Facility at VJTI’. Rs. Eight Crore were sanctioned by the World Bank under TEQIP-I on this proposal. Central Computing Facility was set up at VJTI through this fund which has playeda key role in improving the teaching learning process at VJTI. warded by SIESRP with Innovative & Dedicated Educationalist Award Specialization: Computer Engineering & I.T. in 2020 AD Scientific Index Ranking (World Scientist and University Ranking 2022) – 2nd Rank- Best Scientist, VJTI Computer Science domain 1138th Rank- Best Scientist, Computer Science, India.
Ad

Recommended

A Study on Vulnerability Management
A Study on Vulnerability ManagementA Study on Vulnerability Management
A Study on Vulnerability Management
IRJET Journal
 
IRJET- Cross Platform Penetration Testing Suite
IRJET- Cross Platform Penetration Testing SuiteIRJET- Cross Platform Penetration Testing Suite
IRJET- Cross Platform Penetration Testing Suite
IRJET Journal
 
Rational Unified Treatment for Web Application Vulnerability Assessment
Rational Unified Treatment for Web Application Vulnerability AssessmentRational Unified Treatment for Web Application Vulnerability Assessment
Rational Unified Treatment for Web Application Vulnerability Assessment
VESIT/University of Mumbai
 
Vulnerability Management in IT Infrastructure
Vulnerability Management in IT InfrastructureVulnerability Management in IT Infrastructure
Vulnerability Management in IT Infrastructure
IRJET Journal
 
IRJET- Bug Hunting using Web Application Penetration Testing Techniques.
IRJET- Bug Hunting using Web Application Penetration Testing Techniques.IRJET- Bug Hunting using Web Application Penetration Testing Techniques.
IRJET- Bug Hunting using Web Application Penetration Testing Techniques.
IRJET Journal
 
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...
IRJET Journal
 
WAVD: WEB APPLICATION VULNERABILITY DETECTOR
WAVD: WEB APPLICATION VULNERABILITY DETECTORWAVD: WEB APPLICATION VULNERABILITY DETECTOR
WAVD: WEB APPLICATION VULNERABILITY DETECTOR
vivatechijri
 
INTRUSION DETECTION SYSTEM
INTRUSION DETECTION SYSTEMINTRUSION DETECTION SYSTEM
INTRUSION DETECTION SYSTEM
IRJET Journal
 
Routine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence FlawsRoutine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence Flaws
IJTET Journal
 
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docxRunning head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
todd521
 
Web Applications Assessment Tools: Comparison and Discussion
Web Applications Assessment Tools: Comparison and DiscussionWeb Applications Assessment Tools: Comparison and Discussion
Web Applications Assessment Tools: Comparison and Discussion
EECJOURNAL
 
IRJET - IDS for Wifi Security
IRJET - IDS for Wifi SecurityIRJET - IDS for Wifi Security
IRJET - IDS for Wifi Security
IRJET Journal
 
Self-Protecting Technology for Web Applications
Self-Protecting Technology for Web ApplicationsSelf-Protecting Technology for Web Applications
Self-Protecting Technology for Web Applications
IRJET Journal
 
Penetration Testing Services_ Comprehensive Guide 2024.pdf
Penetration Testing Services_ Comprehensive Guide 2024.pdfPenetration Testing Services_ Comprehensive Guide 2024.pdf
Penetration Testing Services_ Comprehensive Guide 2024.pdf
qualysectechnology98
 
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docxRunning Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
jeanettehully
 
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docxRunning Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
todd521
 
Research Paper
Research PaperResearch Paper
Research Paper
David Chaponniere
 
What is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdfWhat is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdf
ElanusTechnologies
 
Web app penetration testing best methods tools used
Web app penetration testing best methods tools usedWeb app penetration testing best methods tools used
Web app penetration testing best methods tools used
Zoe Gilbert
 
Globally.docx
Globally.docxGlobally.docx
Globally.docx
GermanERuizCorrales
 
IRJET- Android Malware Detection System
IRJET- Android Malware Detection SystemIRJET- Android Malware Detection System
IRJET- Android Malware Detection System
IRJET Journal
 
A Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration TestingA Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration Testing
YogeshIJTSRD
 
website vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paperwebsite vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paper
Bhagyashri Chalakh
 
Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51
martinvoelk
 
Vulnerability , Malware and Risk
Vulnerability , Malware and RiskVulnerability , Malware and Risk
Vulnerability , Malware and Risk
SecPod Technologies
 
Literature Review on DDOS Attacks Detection Using SVM algorithm.
Literature Review on DDOS Attacks Detection Using SVM algorithm.Literature Review on DDOS Attacks Detection Using SVM algorithm.
Literature Review on DDOS Attacks Detection Using SVM algorithm.
IRJET Journal
 
IRJET- Testing Web Application using Vulnerability Scan
IRJET- Testing Web Application using Vulnerability ScanIRJET- Testing Web Application using Vulnerability Scan
IRJET- Testing Web Application using Vulnerability Scan
IRJET Journal
 
Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...
eSAT Publishing House
 
Explainable AI(XAI) using LIME and Disease Detection in Mango Leaf by Transfe...
Explainable AI(XAI) using LIME and Disease Detection in Mango Leaf by Transfe...Explainable AI(XAI) using LIME and Disease Detection in Mango Leaf by Transfe...
Explainable AI(XAI) using LIME and Disease Detection in Mango Leaf by Transfe...
IRJET Journal
 
BRAIN TUMOUR DETECTION AND CLASSIFICATION
BRAIN TUMOUR DETECTION AND CLASSIFICATIONBRAIN TUMOUR DETECTION AND CLASSIFICATION
BRAIN TUMOUR DETECTION AND CLASSIFICATION
IRJET Journal
 
Ad

More Related Content

Similar to Vulnerability Management System (20)

Routine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence FlawsRoutine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence Flaws
IJTET Journal
 
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docxRunning head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
todd521
 
Web Applications Assessment Tools: Comparison and Discussion
Web Applications Assessment Tools: Comparison and DiscussionWeb Applications Assessment Tools: Comparison and Discussion
Web Applications Assessment Tools: Comparison and Discussion
EECJOURNAL
 
IRJET - IDS for Wifi Security
IRJET - IDS for Wifi SecurityIRJET - IDS for Wifi Security
IRJET - IDS for Wifi Security
IRJET Journal
 
Self-Protecting Technology for Web Applications
Self-Protecting Technology for Web ApplicationsSelf-Protecting Technology for Web Applications
Self-Protecting Technology for Web Applications
IRJET Journal
 
Penetration Testing Services_ Comprehensive Guide 2024.pdf
Penetration Testing Services_ Comprehensive Guide 2024.pdfPenetration Testing Services_ Comprehensive Guide 2024.pdf
Penetration Testing Services_ Comprehensive Guide 2024.pdf
qualysectechnology98
 
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docxRunning Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
jeanettehully
 
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docxRunning Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
todd521
 
Research Paper
Research PaperResearch Paper
Research Paper
David Chaponniere
 
What is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdfWhat is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdf
ElanusTechnologies
 
Web app penetration testing best methods tools used
Web app penetration testing best methods tools usedWeb app penetration testing best methods tools used
Web app penetration testing best methods tools used
Zoe Gilbert
 
Globally.docx
Globally.docxGlobally.docx
Globally.docx
GermanERuizCorrales
 
IRJET- Android Malware Detection System
IRJET- Android Malware Detection SystemIRJET- Android Malware Detection System
IRJET- Android Malware Detection System
IRJET Journal
 
A Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration TestingA Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration Testing
YogeshIJTSRD
 
website vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paperwebsite vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paper
Bhagyashri Chalakh
 
Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51
martinvoelk
 
Vulnerability , Malware and Risk
Vulnerability , Malware and RiskVulnerability , Malware and Risk
Vulnerability , Malware and Risk
SecPod Technologies
 
Literature Review on DDOS Attacks Detection Using SVM algorithm.
Literature Review on DDOS Attacks Detection Using SVM algorithm.Literature Review on DDOS Attacks Detection Using SVM algorithm.
Literature Review on DDOS Attacks Detection Using SVM algorithm.
IRJET Journal
 
IRJET- Testing Web Application using Vulnerability Scan
IRJET- Testing Web Application using Vulnerability ScanIRJET- Testing Web Application using Vulnerability Scan
IRJET- Testing Web Application using Vulnerability Scan
IRJET Journal
 
Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...
eSAT Publishing House
 
Routine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence FlawsRoutine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence Flaws
IJTET Journal
 
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docxRunning head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
todd521
 
Web Applications Assessment Tools: Comparison and Discussion
Web Applications Assessment Tools: Comparison and DiscussionWeb Applications Assessment Tools: Comparison and Discussion
Web Applications Assessment Tools: Comparison and Discussion
EECJOURNAL
 
IRJET - IDS for Wifi Security
IRJET - IDS for Wifi SecurityIRJET - IDS for Wifi Security
IRJET - IDS for Wifi Security
IRJET Journal
 
Self-Protecting Technology for Web Applications
Self-Protecting Technology for Web ApplicationsSelf-Protecting Technology for Web Applications
Self-Protecting Technology for Web Applications
IRJET Journal
 
Penetration Testing Services_ Comprehensive Guide 2024.pdf
Penetration Testing Services_ Comprehensive Guide 2024.pdfPenetration Testing Services_ Comprehensive Guide 2024.pdf
Penetration Testing Services_ Comprehensive Guide 2024.pdf
qualysectechnology98
 
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docxRunning Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
jeanettehully
 
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docxRunning Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
todd521
 
Research Paper
Research PaperResearch Paper
Research Paper
David Chaponniere
 
What is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdfWhat is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdf
ElanusTechnologies
 
Web app penetration testing best methods tools used
Web app penetration testing best methods tools usedWeb app penetration testing best methods tools used
Web app penetration testing best methods tools used
Zoe Gilbert
 
Globally.docx
Globally.docxGlobally.docx
Globally.docx
GermanERuizCorrales
 
IRJET- Android Malware Detection System
IRJET- Android Malware Detection SystemIRJET- Android Malware Detection System
IRJET- Android Malware Detection System
IRJET Journal
 
A Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration TestingA Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration Testing
YogeshIJTSRD
 
website vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paperwebsite vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paper
Bhagyashri Chalakh
 
Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51
martinvoelk
 
Vulnerability , Malware and Risk
Vulnerability , Malware and RiskVulnerability , Malware and Risk
Vulnerability , Malware and Risk
SecPod Technologies
 
Literature Review on DDOS Attacks Detection Using SVM algorithm.
Literature Review on DDOS Attacks Detection Using SVM algorithm.Literature Review on DDOS Attacks Detection Using SVM algorithm.
Literature Review on DDOS Attacks Detection Using SVM algorithm.
IRJET Journal
 
IRJET- Testing Web Application using Vulnerability Scan
IRJET- Testing Web Application using Vulnerability ScanIRJET- Testing Web Application using Vulnerability Scan
IRJET- Testing Web Application using Vulnerability Scan
IRJET Journal
 
Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...
eSAT Publishing House
 

More from IRJET Journal (20)

Explainable AI(XAI) using LIME and Disease Detection in Mango Leaf by Transfe...
Explainable AI(XAI) using LIME and Disease Detection in Mango Leaf by Transfe...Explainable AI(XAI) using LIME and Disease Detection in Mango Leaf by Transfe...
Explainable AI(XAI) using LIME and Disease Detection in Mango Leaf by Transfe...
IRJET Journal
 
BRAIN TUMOUR DETECTION AND CLASSIFICATION
BRAIN TUMOUR DETECTION AND CLASSIFICATIONBRAIN TUMOUR DETECTION AND CLASSIFICATION
BRAIN TUMOUR DETECTION AND CLASSIFICATION
IRJET Journal
 
The Project Manager as an ambassador of the contract. The case of NEC4 ECC co...
The Project Manager as an ambassador of the contract. The case of NEC4 ECC co...The Project Manager as an ambassador of the contract. The case of NEC4 ECC co...
The Project Manager as an ambassador of the contract. The case of NEC4 ECC co...
IRJET Journal
 
"Enhanced Heat Transfer Performance in Shell and Tube Heat Exchangers: A CFD ...
"Enhanced Heat Transfer Performance in Shell and Tube Heat Exchangers: A CFD ..."Enhanced Heat Transfer Performance in Shell and Tube Heat Exchangers: A CFD ...
"Enhanced Heat Transfer Performance in Shell and Tube Heat Exchangers: A CFD ...
IRJET Journal
 
Advancements in CFD Analysis of Shell and Tube Heat Exchangers with Nanofluid...
Advancements in CFD Analysis of Shell and Tube Heat Exchangers with Nanofluid...Advancements in CFD Analysis of Shell and Tube Heat Exchangers with Nanofluid...
Advancements in CFD Analysis of Shell and Tube Heat Exchangers with Nanofluid...
IRJET Journal
 
Breast Cancer Detection using Computer Vision
Breast Cancer Detection using Computer VisionBreast Cancer Detection using Computer Vision
Breast Cancer Detection using Computer Vision
IRJET Journal
 
Auto-Charging E-Vehicle with its battery Management.
Auto-Charging E-Vehicle with its battery Management.Auto-Charging E-Vehicle with its battery Management.
Auto-Charging E-Vehicle with its battery Management.
IRJET Journal
 
Analysis of high energy charge particle in the Heliosphere
Analysis of high energy charge particle in the HeliosphereAnalysis of high energy charge particle in the Heliosphere
Analysis of high energy charge particle in the Heliosphere
IRJET Journal
 
A Novel System for Recommending Agricultural Crops Using Machine Learning App...
A Novel System for Recommending Agricultural Crops Using Machine Learning App...A Novel System for Recommending Agricultural Crops Using Machine Learning App...
A Novel System for Recommending Agricultural Crops Using Machine Learning App...
IRJET Journal
 
Auto-Charging E-Vehicle with its battery Management.
Auto-Charging E-Vehicle with its battery Management.Auto-Charging E-Vehicle with its battery Management.
Auto-Charging E-Vehicle with its battery Management.
IRJET Journal
 
Analysis of high energy charge particle in the Heliosphere
Analysis of high energy charge particle in the HeliosphereAnalysis of high energy charge particle in the Heliosphere
Analysis of high energy charge particle in the Heliosphere
IRJET Journal
 
Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...
Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...
Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...
IRJET Journal
 
FIR filter-based Sample Rate Convertors and its use in NR PRACH
FIR filter-based Sample Rate Convertors and its use in NR PRACHFIR filter-based Sample Rate Convertors and its use in NR PRACH
FIR filter-based Sample Rate Convertors and its use in NR PRACH
IRJET Journal
 
Kiona – A Smart Society Automation Project
Kiona – A Smart Society Automation ProjectKiona – A Smart Society Automation Project
Kiona – A Smart Society Automation Project
IRJET Journal
 
Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...
Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...
Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...
IRJET Journal
 
A Review on Influence of Fluid Viscous Damper on The Behaviour of Multi-store...
A Review on Influence of Fluid Viscous Damper on The Behaviour of Multi-store...A Review on Influence of Fluid Viscous Damper on The Behaviour of Multi-store...
A Review on Influence of Fluid Viscous Damper on The Behaviour of Multi-store...
IRJET Journal
 
Invest in Innovation: Empowering Ideas through Blockchain Based Crowdfunding
Invest in Innovation: Empowering Ideas through Blockchain Based CrowdfundingInvest in Innovation: Empowering Ideas through Blockchain Based Crowdfunding
Invest in Innovation: Empowering Ideas through Blockchain Based Crowdfunding
IRJET Journal
 
DESIGN AND DEVELOPMENT OF BATTERY THERMAL MANAGEMENT SYSTEM USING PHASE CHANG...
DESIGN AND DEVELOPMENT OF BATTERY THERMAL MANAGEMENT SYSTEM USING PHASE CHANG...DESIGN AND DEVELOPMENT OF BATTERY THERMAL MANAGEMENT SYSTEM USING PHASE CHANG...
DESIGN AND DEVELOPMENT OF BATTERY THERMAL MANAGEMENT SYSTEM USING PHASE CHANG...
IRJET Journal
 
SPACE WATCH YOUR REAL-TIME SPACE INFORMATION HUB
SPACE WATCH YOUR REAL-TIME SPACE INFORMATION HUBSPACE WATCH YOUR REAL-TIME SPACE INFORMATION HUB
SPACE WATCH YOUR REAL-TIME SPACE INFORMATION HUB
IRJET Journal
 
AR Application: Homewise VisionMs. Vaishali Rane, Om Awadhoot, Bhargav Gajare...
AR Application: Homewise VisionMs. Vaishali Rane, Om Awadhoot, Bhargav Gajare...AR Application: Homewise VisionMs. Vaishali Rane, Om Awadhoot, Bhargav Gajare...
AR Application: Homewise VisionMs. Vaishali Rane, Om Awadhoot, Bhargav Gajare...
IRJET Journal
 
Explainable AI(XAI) using LIME and Disease Detection in Mango Leaf by Transfe...
Explainable AI(XAI) using LIME and Disease Detection in Mango Leaf by Transfe...Explainable AI(XAI) using LIME and Disease Detection in Mango Leaf by Transfe...
Explainable AI(XAI) using LIME and Disease Detection in Mango Leaf by Transfe...
IRJET Journal
 
BRAIN TUMOUR DETECTION AND CLASSIFICATION
BRAIN TUMOUR DETECTION AND CLASSIFICATIONBRAIN TUMOUR DETECTION AND CLASSIFICATION
BRAIN TUMOUR DETECTION AND CLASSIFICATION
IRJET Journal
 
The Project Manager as an ambassador of the contract. The case of NEC4 ECC co...
The Project Manager as an ambassador of the contract. The case of NEC4 ECC co...The Project Manager as an ambassador of the contract. The case of NEC4 ECC co...
The Project Manager as an ambassador of the contract. The case of NEC4 ECC co...
IRJET Journal
 
"Enhanced Heat Transfer Performance in Shell and Tube Heat Exchangers: A CFD ...
"Enhanced Heat Transfer Performance in Shell and Tube Heat Exchangers: A CFD ..."Enhanced Heat Transfer Performance in Shell and Tube Heat Exchangers: A CFD ...
"Enhanced Heat Transfer Performance in Shell and Tube Heat Exchangers: A CFD ...
IRJET Journal
 
Advancements in CFD Analysis of Shell and Tube Heat Exchangers with Nanofluid...
Advancements in CFD Analysis of Shell and Tube Heat Exchangers with Nanofluid...Advancements in CFD Analysis of Shell and Tube Heat Exchangers with Nanofluid...
Advancements in CFD Analysis of Shell and Tube Heat Exchangers with Nanofluid...
IRJET Journal
 
Breast Cancer Detection using Computer Vision
Breast Cancer Detection using Computer VisionBreast Cancer Detection using Computer Vision
Breast Cancer Detection using Computer Vision
IRJET Journal
 
Auto-Charging E-Vehicle with its battery Management.
Auto-Charging E-Vehicle with its battery Management.Auto-Charging E-Vehicle with its battery Management.
Auto-Charging E-Vehicle with its battery Management.
IRJET Journal
 
Analysis of high energy charge particle in the Heliosphere
Analysis of high energy charge particle in the HeliosphereAnalysis of high energy charge particle in the Heliosphere
Analysis of high energy charge particle in the Heliosphere
IRJET Journal
 
A Novel System for Recommending Agricultural Crops Using Machine Learning App...
A Novel System for Recommending Agricultural Crops Using Machine Learning App...A Novel System for Recommending Agricultural Crops Using Machine Learning App...
A Novel System for Recommending Agricultural Crops Using Machine Learning App...
IRJET Journal
 
Auto-Charging E-Vehicle with its battery Management.
Auto-Charging E-Vehicle with its battery Management.Auto-Charging E-Vehicle with its battery Management.
Auto-Charging E-Vehicle with its battery Management.
IRJET Journal
 
Analysis of high energy charge particle in the Heliosphere
Analysis of high energy charge particle in the HeliosphereAnalysis of high energy charge particle in the Heliosphere
Analysis of high energy charge particle in the Heliosphere
IRJET Journal
 
Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...
Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...
Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...
IRJET Journal
 
FIR filter-based Sample Rate Convertors and its use in NR PRACH
FIR filter-based Sample Rate Convertors and its use in NR PRACHFIR filter-based Sample Rate Convertors and its use in NR PRACH
FIR filter-based Sample Rate Convertors and its use in NR PRACH
IRJET Journal
 
Kiona – A Smart Society Automation Project
Kiona – A Smart Society Automation ProjectKiona – A Smart Society Automation Project
Kiona – A Smart Society Automation Project
IRJET Journal
 
Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...
Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...
Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...
IRJET Journal
 
A Review on Influence of Fluid Viscous Damper on The Behaviour of Multi-store...
A Review on Influence of Fluid Viscous Damper on The Behaviour of Multi-store...A Review on Influence of Fluid Viscous Damper on The Behaviour of Multi-store...
A Review on Influence of Fluid Viscous Damper on The Behaviour of Multi-store...
IRJET Journal
 
Invest in Innovation: Empowering Ideas through Blockchain Based Crowdfunding
Invest in Innovation: Empowering Ideas through Blockchain Based CrowdfundingInvest in Innovation: Empowering Ideas through Blockchain Based Crowdfunding
Invest in Innovation: Empowering Ideas through Blockchain Based Crowdfunding
IRJET Journal
 
DESIGN AND DEVELOPMENT OF BATTERY THERMAL MANAGEMENT SYSTEM USING PHASE CHANG...
DESIGN AND DEVELOPMENT OF BATTERY THERMAL MANAGEMENT SYSTEM USING PHASE CHANG...DESIGN AND DEVELOPMENT OF BATTERY THERMAL MANAGEMENT SYSTEM USING PHASE CHANG...
DESIGN AND DEVELOPMENT OF BATTERY THERMAL MANAGEMENT SYSTEM USING PHASE CHANG...
IRJET Journal
 
SPACE WATCH YOUR REAL-TIME SPACE INFORMATION HUB
SPACE WATCH YOUR REAL-TIME SPACE INFORMATION HUBSPACE WATCH YOUR REAL-TIME SPACE INFORMATION HUB
SPACE WATCH YOUR REAL-TIME SPACE INFORMATION HUB
IRJET Journal
 
AR Application: Homewise VisionMs. Vaishali Rane, Om Awadhoot, Bhargav Gajare...
AR Application: Homewise VisionMs. Vaishali Rane, Om Awadhoot, Bhargav Gajare...AR Application: Homewise VisionMs. Vaishali Rane, Om Awadhoot, Bhargav Gajare...
AR Application: Homewise VisionMs. Vaishali Rane, Om Awadhoot, Bhargav Gajare...
IRJET Journal
 
Ad

Recently uploaded (20)

Level 1-Safety.pptx Presentation of Electrical Safety
Level 1-Safety.pptx Presentation of Electrical SafetyLevel 1-Safety.pptx Presentation of Electrical Safety
Level 1-Safety.pptx Presentation of Electrical Safety
JoseAlbertoCariasDel
 
introduction to machine learining for beginers
introduction to machine learining for beginersintroduction to machine learining for beginers
introduction to machine learining for beginers
JoydebSheet
 
Reagent dosing (Bredel) presentation.pptx
Reagent dosing (Bredel) presentation.pptxReagent dosing (Bredel) presentation.pptx
Reagent dosing (Bredel) presentation.pptx
AlejandroOdio
 
Compiler Design Unit1 PPT Phases of Compiler.pptx
Compiler Design Unit1 PPT Phases of Compiler.pptxCompiler Design Unit1 PPT Phases of Compiler.pptx
Compiler Design Unit1 PPT Phases of Compiler.pptx
RushaliDeshmukh2
 
ELectronics Boards & Product Testing_Shiju.pdf
ELectronics Boards & Product Testing_Shiju.pdfELectronics Boards & Product Testing_Shiju.pdf
ELectronics Boards & Product Testing_Shiju.pdf
Shiju Jacob
 
Avnet Silica's PCIM 2025 Highlights Flyer
Avnet Silica's PCIM 2025 Highlights FlyerAvnet Silica's PCIM 2025 Highlights Flyer
Avnet Silica's PCIM 2025 Highlights Flyer
WillDavies22
 
International Journal of Distributed and Parallel systems (IJDPS)
International Journal of Distributed and Parallel systems (IJDPS)International Journal of Distributed and Parallel systems (IJDPS)
International Journal of Distributed and Parallel systems (IJDPS)
samueljackson3773
 
Compiler Design_Lexical Analysis phase.pptx
Compiler Design_Lexical Analysis phase.pptxCompiler Design_Lexical Analysis phase.pptx
Compiler Design_Lexical Analysis phase.pptx
RushaliDeshmukh2
 
some basics electrical and electronics knowledge
some basics electrical and electronics knowledgesome basics electrical and electronics knowledge
some basics electrical and electronics knowledge
nguyentrungdo88
 
Smart_Storage_Systems_Production_Engineering.pptx
Smart_Storage_Systems_Production_Engineering.pptxSmart_Storage_Systems_Production_Engineering.pptx
Smart_Storage_Systems_Production_Engineering.pptx
rushikeshnavghare94
 
Introduction to FLUID MECHANICS & KINEMATICS
Introduction to FLUID MECHANICS & KINEMATICSIntroduction to FLUID MECHANICS & KINEMATICS
Introduction to FLUID MECHANICS & KINEMATICS
narayanaswamygdas
 
Data Structures_Introduction to algorithms.pptx
Data Structures_Introduction to algorithms.pptxData Structures_Introduction to algorithms.pptx
Data Structures_Introduction to algorithms.pptx
RushaliDeshmukh2
 
Machine learning project on employee attrition detection using (2).pptx
Machine learning project on employee attrition detection using (2).pptxMachine learning project on employee attrition detection using (2).pptx
Machine learning project on employee attrition detection using (2).pptx
rajeswari89780
 
RICS Membership-(The Royal Institution of Chartered Surveyors).pdf
RICS Membership-(The Royal Institution of Chartered Surveyors).pdfRICS Membership-(The Royal Institution of Chartered Surveyors).pdf
RICS Membership-(The Royal Institution of Chartered Surveyors).pdf
MohamedAbdelkader115
 
Artificial Intelligence (AI) basics.pptx
Artificial Intelligence (AI) basics.pptxArtificial Intelligence (AI) basics.pptx
Artificial Intelligence (AI) basics.pptx
aditichinar
 
Introduction to Zoomlion Earthmoving.pptx
Introduction to Zoomlion Earthmoving.pptxIntroduction to Zoomlion Earthmoving.pptx
Introduction to Zoomlion Earthmoving.pptx
AS1920
 
theory-slides-for react for beginners.pptx
theory-slides-for react for beginners.pptxtheory-slides-for react for beginners.pptx
theory-slides-for react for beginners.pptx
sanchezvanessa7896
 
"Boiler Feed Pump (BFP): Working, Applications, Advantages, and Limitations E...
"Boiler Feed Pump (BFP): Working, Applications, Advantages, and Limitations E..."Boiler Feed Pump (BFP): Working, Applications, Advantages, and Limitations E...
"Boiler Feed Pump (BFP): Working, Applications, Advantages, and Limitations E...
Infopitaara
 
Oil-gas_Unconventional oil and gass_reseviours.pdf
Oil-gas_Unconventional oil and gass_reseviours.pdfOil-gas_Unconventional oil and gass_reseviours.pdf
Oil-gas_Unconventional oil and gass_reseviours.pdf
M7md3li2
 
railway wheels, descaling after reheating and before forging
railway wheels, descaling after reheating and before forgingrailway wheels, descaling after reheating and before forging
railway wheels, descaling after reheating and before forging
Javad Kadkhodapour
 
Level 1-Safety.pptx Presentation of Electrical Safety
Level 1-Safety.pptx Presentation of Electrical SafetyLevel 1-Safety.pptx Presentation of Electrical Safety
Level 1-Safety.pptx Presentation of Electrical Safety
JoseAlbertoCariasDel
 
introduction to machine learining for beginers
introduction to machine learining for beginersintroduction to machine learining for beginers
introduction to machine learining for beginers
JoydebSheet
 
Reagent dosing (Bredel) presentation.pptx
Reagent dosing (Bredel) presentation.pptxReagent dosing (Bredel) presentation.pptx
Reagent dosing (Bredel) presentation.pptx
AlejandroOdio
 
Compiler Design Unit1 PPT Phases of Compiler.pptx
Compiler Design Unit1 PPT Phases of Compiler.pptxCompiler Design Unit1 PPT Phases of Compiler.pptx
Compiler Design Unit1 PPT Phases of Compiler.pptx
RushaliDeshmukh2
 
ELectronics Boards & Product Testing_Shiju.pdf
ELectronics Boards & Product Testing_Shiju.pdfELectronics Boards & Product Testing_Shiju.pdf
ELectronics Boards & Product Testing_Shiju.pdf
Shiju Jacob
 
Avnet Silica's PCIM 2025 Highlights Flyer
Avnet Silica's PCIM 2025 Highlights FlyerAvnet Silica's PCIM 2025 Highlights Flyer
Avnet Silica's PCIM 2025 Highlights Flyer
WillDavies22
 
International Journal of Distributed and Parallel systems (IJDPS)
International Journal of Distributed and Parallel systems (IJDPS)International Journal of Distributed and Parallel systems (IJDPS)
International Journal of Distributed and Parallel systems (IJDPS)
samueljackson3773
 
Compiler Design_Lexical Analysis phase.pptx
Compiler Design_Lexical Analysis phase.pptxCompiler Design_Lexical Analysis phase.pptx
Compiler Design_Lexical Analysis phase.pptx
RushaliDeshmukh2
 
some basics electrical and electronics knowledge
some basics electrical and electronics knowledgesome basics electrical and electronics knowledge
some basics electrical and electronics knowledge
nguyentrungdo88
 
Smart_Storage_Systems_Production_Engineering.pptx
Smart_Storage_Systems_Production_Engineering.pptxSmart_Storage_Systems_Production_Engineering.pptx
Smart_Storage_Systems_Production_Engineering.pptx
rushikeshnavghare94
 
Introduction to FLUID MECHANICS & KINEMATICS
Introduction to FLUID MECHANICS & KINEMATICSIntroduction to FLUID MECHANICS & KINEMATICS
Introduction to FLUID MECHANICS & KINEMATICS
narayanaswamygdas
 
Data Structures_Introduction to algorithms.pptx
Data Structures_Introduction to algorithms.pptxData Structures_Introduction to algorithms.pptx
Data Structures_Introduction to algorithms.pptx
RushaliDeshmukh2
 
Machine learning project on employee attrition detection using (2).pptx
Machine learning project on employee attrition detection using (2).pptxMachine learning project on employee attrition detection using (2).pptx
Machine learning project on employee attrition detection using (2).pptx
rajeswari89780
 
RICS Membership-(The Royal Institution of Chartered Surveyors).pdf
RICS Membership-(The Royal Institution of Chartered Surveyors).pdfRICS Membership-(The Royal Institution of Chartered Surveyors).pdf
RICS Membership-(The Royal Institution of Chartered Surveyors).pdf
MohamedAbdelkader115
 
Artificial Intelligence (AI) basics.pptx
Artificial Intelligence (AI) basics.pptxArtificial Intelligence (AI) basics.pptx
Artificial Intelligence (AI) basics.pptx
aditichinar
 
Introduction to Zoomlion Earthmoving.pptx
Introduction to Zoomlion Earthmoving.pptxIntroduction to Zoomlion Earthmoving.pptx
Introduction to Zoomlion Earthmoving.pptx
AS1920
 
theory-slides-for react for beginners.pptx
theory-slides-for react for beginners.pptxtheory-slides-for react for beginners.pptx
theory-slides-for react for beginners.pptx
sanchezvanessa7896
 
"Boiler Feed Pump (BFP): Working, Applications, Advantages, and Limitations E...
"Boiler Feed Pump (BFP): Working, Applications, Advantages, and Limitations E..."Boiler Feed Pump (BFP): Working, Applications, Advantages, and Limitations E...
"Boiler Feed Pump (BFP): Working, Applications, Advantages, and Limitations E...
Infopitaara
 
Oil-gas_Unconventional oil and gass_reseviours.pdf
Oil-gas_Unconventional oil and gass_reseviours.pdfOil-gas_Unconventional oil and gass_reseviours.pdf
Oil-gas_Unconventional oil and gass_reseviours.pdf
M7md3li2
 
railway wheels, descaling after reheating and before forging
railway wheels, descaling after reheating and before forgingrailway wheels, descaling after reheating and before forging
railway wheels, descaling after reheating and before forging
Javad Kadkhodapour
 
Ad

Vulnerability Management System

  • 1. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 09 Issue: 09 | Sep 2022 www.irjet.net p-ISSN: 2395-0072 © 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 976 Vulnerability Management System Pravin P. Kharat1, Prof. Pramila M. Chawan2 1M. Tech Student, Dept of Computer Engineering and IT, VJTI College, Mumbai, Maharashtra, India 2Associate Professor, Dept of Computer Engineering and IT, VJTI College, Mumbai, Maharashtra, India ---------------------------------------------------------------------***--------------------------------------------------------------------- Abstract - In simple terms, a vulnerability in cyber security refers to any fault or flaw, or weakness in an information system, internal controls, or system processes of an organization. It can also be defined as a flaw or a fault in the source code design which determines the application malfunctions. Therefore, a good Vulnerability Management plan should be implemented to avoid attacks on the system or to minimize the damages produced by a cyberattack.Toavoid such damages manual source code inspections or security audits are performed, which requires highly trained cyber security engineers, and it requiresmoretime, which isproneto errors. For this reason, there is a need to automate such processes to discover vulnerabilities. This results in the implementation of the Vulnerability Management System, which will automate security testing for the identification of vulnerabilities caused in the software products. Key Words: Vulnerability, Vulnerability Management System, Algorithm, Software testing, Web based application. 1. INTRODUCTION Many organizations have embraced the technologiessuchas software applications, web applications, software products, and many more to explore their new business opportunities and few organizations are beingforcedtoadopte-commerce due to advancementsinsoftwaretechnologies,customers,or competitors. Software applications and web applications have been gaining popularity day by day, and these applications come up with different components which are highly complex and written bydifferentsoftwaredevelopers in different smaller chunks. Most of these applications failto give proper output due to untreated cases or flaws. Therefore, the software application or Operating system which contains untreated cases, flaws, or weaknesses are known as software vulnerabilities. Later, the flaws in the source code of the application can be exemplifiedasanentry point for the hacker and can be treated as a software vulnerability. Despite all the security measures, the number of vulnerabilities discovered continues to grow as the number of users using the internet has increased. Any device which contains software functions can tend to have source code errors, logical errors, and flaws. Thus, the existence of detection techniquesismandatoryforsoftwarevulnerability remediation as well as prevention. To avoid such situations manual testing, security audits, or code inspections are to be performed by highly skilled cyber security engineers or experts. But as it is labour intensive and expensive and prone to errors; automating the above steps to discover respective vulnerabilities for the software applications is required. 1.1 Software Vulnerabilities An error or a flaw or a weakness of the application's source code that an attacker or a hacker can take advantage of is known as software vulnerability. These errors tend to make the system function abnormally and undesirable actions. These flaws or errors in code may arise due to the lack of knowledge of the developer or programmer who is developing the software application. These flawsmayleadto system crashes, loss of data, reputational damage, major damage to the targeted system, loss of customers, personal data being exposed, etc. 1.2 Types of Vulnerabilities The common security goals i.e., confidentiality, availability, integrity, non-repudiation, and usability, can be affected by the software vulnerabilities. Following listed below are cyberattacks associated with software vulnerabilities: Phishing: Phishing is a cyberattack that attempts to steal sensitive information.Thissensitiveinformationcanbelogin credentials and credit card details. This attack can also be a form of social engineering where an attackertriestomislead the user into clicking a maliciouslink created bytheattacker, downloading some malicious attachments, or revealing sensitive data. DDoS Attacks: Distributed denial of service attack is an attempt to spoil an online service or a website or a server or network by making it unavailable by sending many access requests that it cannot manage. Computer Viruses: Computer code or a program that modifies the way a computer behaves is known as Viruses. They are meant to spread through contaminated data, files, and insecure networks. And once it enters the system, it can replicate and spread from one programtoanotherandinfect other computer systems also.
  • 2. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 09 Issue: 09 | Sep 2022 www.irjet.net p-ISSN: 2395-0072 © 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 977 Attack Vectors: Attack vector is a malicious term used to discover system vulnerability points, launchcyberattacksor install malicious software. Following are the four important attack vectors: Drive-by, Zero-day attack, MITM (man in the middle), SQL Injection. Vulnerability Management System is not only intended to identify and evaluate vulnerability, but it will alsogeneratea detail report which will report of the vulnerability point found in the software application which will be tested. 2. LITERATURE REVIEW In thissection summarization oftheexistingresearchworkis done. A new vulnerable management system will be created based on the existing work with additional functionality. Mădălina Aldea.[1] The author in this paper has introduceda new vulnerability management system i.e., SV – IMS – Software Vulnerability Integrated Management System.This system can perform security tests to detect software vulnerabilities and the result of this test can be viewed upon a dedicated platform. It also gives defines the CVSS i.e., Common Vulnerability Scoring System, which is an international scoring system that describes how severe a vulnerability is. Robert A. Martin.[2] The author in this research paper describes Common Vulnerability Exposure (CVE) and Open Vulnerability Assessment Language (OVAL) which are a pair of international, community-based efforts amongstindustry, government, and academia. Where CVE is aimed to create a means for making vulnerability alerts more applicable to individual enterprises and OVAL is aimed to provide the means for standardized vulnerability assessment and result in uniform and standardized information assurance parameters for systems. GeonLyang Kim.[3] The author of this research paper has introduced a new method for constructing and managing Vulnerabilities by creating a vulnerability database. In this research work,a new National VulnerabilityDatabase(NDV) system is created which can be used by various enterprises. While referring a new vulnerability found can also be registered in the NVD system. Manoj Kumar.[4] In this author proposed a framework that uses a knowledge base and inference engine. Using this the vulnerability management automatically takes required actions, classifies, prioritizes,and mitigatesthevulnerability. The proposed system reduces the threats, security risks,and reputational and Monterey loss. Chee-Wooi Ten.[5] This Author has proposed a Vulnerability assessment framework that evaluatesthevulnerabilityofthe SCADA system. This is done at three levels – System, Scenarios, and access points. This framework is based on the system which has firewall and password models. This proposed framework also evaluates the impact of the attack launched and countermeasures are identified for improvement of cyber security. Jan-Min Chen.[6] In this paper, the author has implemented an automated vulnerability scanner that identifies the injection attack vulnerabilities. This system automatically examines the website to find the XSS and SQL injection vulnerabilities. The proposed system also uses NVD i.e., National Vulnerability Database. Andrey Fedorchenko.[7] In this research paper, the author has proposed the process of integrating a vulnerability database system. Thisintegrateddatabasecanbeusedforthe further application of security systems. In this paper, the structureof the vulnerabilities databaseissuggested,andthe process of vulnerabilities database generation is suggested. 3. PROPOSED SYSTEM 3.1 Problem Statement To developa VulnerabilityManagement System(VMS)which will detect vulnerability using source code and Binary code analysis of the software product and also analyze the intensity of the vulnerability found. 3.2 Proposed Methodology A hybrid algorithm is developed which automates the process of scanning software applications. The majorgoal of the proposed algorithm is to automate and increase the accuracy of vulnerability detection. Although theaccuracyis not achieved at 100% but an effort is made to put up the proposed system above the existing systems. The proposed hybrid algorithm is similar to the existing algorithms. The OWASP results are considered with the output for better reasoning andunderstanding.OWASPresultsareupdatedon the regular basis to avoid any inconvenience. The proposed system’s hybrid algorithm is mainly based on the concept of combining different features which are of different components. This will result in the new algorithm which will give more impactful results on the respective scans. Therefore, the combination of such features from different components has been done based on optimization and sophistication among other componentswiththegoal of increasing the accuracy or efficiency ofthehybridalgorithm. The Hybrid algorithm mainly consists of five phases i.e., Inspection, Scanning, Attack Detection, Analysis, and Reporting. The inspection which can also be called crawling, mainly focuses on fetching information about the application. The more informationgatheredinthisphasethe more successful the entire executed scan will be.Afterphase 1, phase 2 consists of scanning. Scanning is the process in which the algorithm will identify the weaknessofthesystem on which the scan is been initiated. Once the scanning
  • 3. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 09 Issue: 09 | Sep 2022 www.irjet.net p-ISSN: 2395-0072 © 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 978 process is completed, the next step will be to identify the attacks or vulnerabilities and perform an analysistoidentify the vulnerability definition and remediation methods. Later Reporting phase is initiated to generate a well informative report for the scan which was performed. Fig -1: Component of VMS A detailed description of the flow for the developed Hybrid algorithm: Fig -2: Flowchart for VMS The initial stage accordingtothephasediagramisinspection which can be called as requirementorinformationgathering stage. After phase 1, the next process involves mainly crawling and parsing, and identifying new vulnerabilities. Phase 2 is repeated until all the vulnerabilities of the applications are not discovered. A further step includes analysis of the vulnerabilities found to identify proper definitions according to the OWASP and getting proper remediation for the same. Further, this analysis is summarized, and the final report is generated as an end result. Input: Input is mainly provided by the user who is going to initiate the scanning. This input can be an IP address or the URL for the application which needs to be scanned by the VMS. Processing: This step mainly involves fuzzing, crawling the pages, and identifyingthe weakness,andlatervulnerabilities are identified based on the weaknesses identified. Output: Output will be generated after the proper analysis process is done. Fig -3: Flowchart for XSS
  • 4. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 09 Issue: 09 | Sep 2022 www.irjet.net p-ISSN: 2395-0072 © 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 979 Many different scanning methodsareusedinVMSalgorithm, considering one following method is used for Cross Site Scripting: 1. For each URL in the list of the visited URLs a) Identify all parameters b) Push the parameters in the list. c) For each of the parameter in the list i) give input as a XSS test case or script to the parameter and pass the request. ii) verify the respective response 2. Report the Vulnerability 3.3 Tools These experiments or practical were performed by running different methods/tool with its respective scripts. These methods were installedand executedonVirtual machine and have the similar configurations and resources. 1. Nmap: For probing computer networks, Nmap offers several functions, including host discovery, service detection, and operating system detection. Scripts that offer more sophisticated service discovery, vulnerability detection, and other features can extend these features. During a scan, Nmap can adjust to changing network conditions, such as latency and congestion. 2. Dirbuster: DirBuster is an application with a GUI interfacedeveloped in Java. It is used to find concealed files and directories by brute-forcing files & directorieswiththeaimofgainingsome significant information that could help in cyber-attacks. A wordlist could influence how effective such a tool is; the more effective the wordlist, the more effective the instrument. 3. Xsser: Cross-Site "Scripter" (also known as XSSer) is an automatic framework for finding, using andreporting XSSflawsinweb- based applications. There are numerous ways to attempt to get around particular filters, as well as numerous unique code injection strategies. 4. Dnswalk: A DNS (Domain Name System) debugger is called Dnswalk. Dnswalk carries out zone transfers for specified domains and executes precise database integritychecksina variety of ways. 5. whois: A query and response protocol i.e., WHOIS, which is pronounced "who is," is frequently used for accessing databases that list the registered users or assignees of Internet resources like domain names, blocks of IP addresses, and autonomous systems. On most UNIX systems, the command-line utility used to do WHOIS protocol searches is called whois. Additionally, Referral Whois is a sibling protocol of WHOIS (RWhois). 6. Nikto: Nikto is a free command-line vulnerabilityscannerthatlooks for unsafe files/CGIs, out-of-date server software, and other issues on web servers. Checks are run on both generic and server-specific levels. Any cookies that are received are also recorded and printed. The data files used by Nikto to runthe program are not free software, but the Nikto code itself is. Nikto can identify more than 6700 potentially harmful files and CGIs, as well as version-specific issuesonmorethan270 servers and obsolete versions on more than 1250 servers. Nikto can also identify installed web servers and software and checks for server configuration elements. 7. Dnsmap: Dnsmap uses an internal or external wordlist to search a domain for common subdomains (if specified using -w option). There are about 1000 words in both English and Spanish on the internal wordlist, including ns1, firewall services, and smtp. Therefore, an automatic search for smtp.example.com within example.comwill beavailable.For additional processing, results can be saved in CSV and human-readable formats. Dnsmap should not be executed with root privileges for security reasons because it does not need them to function. 9. Uniscan: An open-source program called Uniscan can check web applications for serious flaws including cross-site scripting, blind SQL injection, remote file inclusion, web shell vulnerabilities, and hidden backdoors, among others. In addition to assessing vulnerabilities, Uniscan has the ability to search Google and Bing for domains using shared IP addresses. 3.4 Resources required for the VMS tool Operating System: Kali Linux or Ubuntu OS or System configured with Virtual Machine with same OS. The system and virtual machines specifications are as - processor, 2.6 GHZ Core i5, 2 GB RAM, 100 GB HDD and OS as above mentioned.
  • 5. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 09 Issue: 09 | Sep 2022 www.irjet.net p-ISSN: 2395-0072 © 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 980 4. RESULTS AND DISCUSSION Fig -4: Screenshot for web app of VMS tool Fig -5: Screenshot of VMS URL input Fig -6: Screenshot of VMS tool output Vulnerability Management System generated better and faster results overall. It can automate the VA and PT process till particular instance. Also, it is able to identify the present vulnerabilities and specific remediation based on the vulnerability found and generate report with severity levels accordingly. The sole disadvantage is that, according to reports, it takes more time to scan than the majority of the web scanners utilized in this study. Although its performance is not perfect, compared to other tools, it has a larger capacity to detect more flaws. 5. CONCLUSION & RECOMMENDATIONS 5.1 Conclusion The proposed Vulnerability Management System based on the hybrid algorithm extensively work to identify vulnerabilities basedonsoftware-basedapplications.Testing of such applicationsisdoneforsafeguardingit.Thesuggested hybrid method presents additional vulnerabilities and does so in a professional manner when reporting those that have been found. However, because not all of the current vulnerabilities were completely scanned by the suggested hybrid approach. To make sure that "deep" crawling was carried out, thealgorithm'scrawlingcomponentneededtobe increased. The resultsalsoindicatethattheproposedmethod needs to be improved in order to complete the scanning quickly. To create an algorithm with the ability to identify more vulnerabilities, more study and research is required. 5.2 Recommendations i) Improve crawling capabilities: The proposed hybrid algorithm requires more methods and functions for crawling mechanisms so that VMS will be able to scan all the contents of any URL or a web application, without skipping any content of the webpage. ii) Improve Analysis and Reporting: VMS algorithms need to improve the accuracy so that the identified vulnerability can be stated with the severity level. To obtain high-end accuracy more sophisticated methods must be used during the scanning processwhichwill require more research and practical implementation of the algorithm. VMS system can be upgraded for analysis and reporting in such a way that the vulnerabilities can be visualized and can be shown in a representablemannerwith the severity levels. iii) Reducing scanning time: There need to be proper results which is generated in short time frame with better accuracy and reporting. It needs to improve overall scanning method using more scripts and identification of more vulnerabilities. REFERENCES [1] Mădălina Aldea, Daniel Gheorghică, Victor Croitoru, “Software Vulnerabilities Integrated Management System”, 2020 13th International Conference on Communications (COMM), IEEE, 2020: pp. 97 - 102, doi: 10.1109/COMM48946.2020.9141970 [2] Robert A. Martin, “IntegratingYourInformationSecurity Vulnerability Management Capabilities Through Industry Standards (CVE & OVAL)”, 2003 IEEE International Conference on Systems, Man and Cybernetics. Conference Theme - System Security and Assurance, pp. 1528 – 1533), doi: 10.1109/ICSMC.2003.1244628 [3] GeonLyang Kim, JinTae Oh, DongI Seo, JeongNyeo Kim, “The Design of Vulnerability Management System”, IJCSNS International Journal of Computer Science and Network Security, VOL.13 No.4, April 2013: pp. 19 – 24 [4] Manoj Kumar, Arun Sharma, “An integrated framework for software vulnerability detection, analysis and mitigation: an autonomic system”, Indian Academy of Sciences Sadhana Vol. 42, No. 9, September 2017, pp. 1481–1493, doi: 10.1007/s12046-017-0696-7
  • 6. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 09 Issue: 09 | Sep 2022 www.irjet.net p-ISSN: 2395-0072 © 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 981 1’st Author Photo [5] Chee-Wooi Ten, Chen-Ching Liu, Govindarasu Manimaran, “Vulnerability AssessmentofCybersecurity for SCADA Systems”, IEEE Transactions on Power Systems, Vol. 23, no. 4, November 2008, pp. 1836-1846, doi: 10.1109/TPWRS.2008.2002298 [6] Jan-Min Chen, Chia-Lun Wu, “An automated vulnerability scanner for injection attack based on injection point”, 2010 International Computer Symposium (ICS2010), 16-18 Dec. 2010, pp. 113 – 118, doi: 10.1109/COMPSYM.2010.5685537 [7] Andrey Fedorchenko, Igor Kotenko, Andrey Chechulin, “Design of Integrated Vulnerabilities Database for Computer Networks Security Analysis”, 2015 23rd Euromicro International Conference on Parallel, Distributed, and Network-Based Processing, 4-6 March 2015, pp. 559-566, doi: 10.1109/PDP.2015.38 [8] Armold; Hyla, Rowe, “Automatically Building an Information-Security Vulnerability Database”, 2006 IEEE Information Assurance Workshop”, 21-23 June 2006, pp. 376-377, doi: 10.1109/IAW.2006.1652119 [9] Ching-Huang Lin, Chih-Hao Chen, Chi-Sung Laih, “A Study and Implementation of Vulnerability Assessment and Misconfiguration Detection”,2008IEEEAsia-Pacific Services Computing Conference, 9-12 Dec. 2008, pp. 1252-1257, doi: 10.1109/APSCC.2008.212 [10] Yu, Y., Yang, Y., Gu, J., & Shen, L. (2011). Analysis and suggestions for the security of web applications. In Computer Science and Network Technology (ICCSNT), 2011 International Conference on, Vol. 1, pp. 236-240 [11] Pravin Kharat, Pramila Chawan, “Vulnerability Management System”, 2021 International Research Journal of Engineering and Technology (IRJET), 25-28 Nov 2021 BIOGRAPHIES Pravin P. Kharat M Tech. Dept. of Computer Engineering – NIMS, VJTI, Mumbai Prof. Pramila M. Chawan, is working as an Associate Professor in the Computer Engineering Department of VJTI, Mumbai. She has done her B.E. (Computer Engineering) and M.E. (Computer Engineering) from VJTI College of Engineering, Mumbai University. She has 28 years of teaching experienceandhasguided 85+ M. Tech. projects and 130+ B. Tech. projects. She has published 143 papers in the International Journals, 20 papers in the National/International Conferences/ Symposiums. She has worked as an Organizing Committee member for 25 International Conferences and 5 ICTE/MHRD sponsored Workshops/STTPs/FDPs. She has participated in 16 National/International Conferences. Worked as Consulting Editor on – JEECER, JETR, JETMS, Technology Today, JAM&AER Engg. Today, The Tech. World Editor – Journals of ADR Reviewer -IJEF, Inters cience She has worked as NBA Coordinator of the Computer Engineering Department of VJTI for 5 years. She had written a proposal under TEQIP-I in June2004 for ‘Creating Central Computing Facility at VJTI’. Rs. Eight Crore were sanctioned by the World Bank under TEQIP-I on this proposal. Central Computing Facility was set up at VJTI through this fund which has playeda key role in improving the teaching learning process at VJTI. warded by SIESRP with Innovative & Dedicated Educationalist Award Specialization: Computer Engineering & I.T. in 2020 AD Scientific Index Ranking (World Scientist and University Ranking 2022) – 2nd Rank- Best Scientist, VJTI Computer Science domain 1138th Rank- Best Scientist, Computer Science, India.