The Importance of Ethical Hacking Tools and Techniques in Software Development Life Cycle

  • Received : 2023.06.05
  • Published : 2023.06.30

Abstract

Ethical hackers use a range of tools and techniques to counter the malicious cyber-attacks mounted by criminal hackers. During software development, teams commonly skip or neglect the security requirements of the software. With the rise of online, web-based software, however, security has become an essential part of the development process for producing secure software. Security features cannot be bolted on at the end of the deployment process; they need attention throughout the software development life cycle (SDLC). In that view, this paper presents a new Ethical Hacking Software Development Life Cycle (EH-SDLC), which introduces ethical hacking processes and phases to be followed during the SDLC. Adopting these techniques in the SDLC helps ensure that customers receive an end product that is safe, secure and stable, and having a team of penetration testers as part of the SDLC process avoids the unplanned costs that arise after a data breach. This work discusses the operating systems and tools that support secure execution of penetration tests during the SDLC, and thereby helps improve the confidentiality, integrity and availability of software products.
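One concrete way to give the "throughout the SDLC, not bolted on at the end" principle teeth is a security gate in the build pipeline: a dynamic scan runs at each phase, and the build fails when findings exceed the risk level agreed for that phase. The Python below is an added example written for this page, not code from the paper or from any scanner project. It assumes a simplified report shape modelled on OWASP ZAP's JSON report (a list of sites, each with alerts carrying a `riskcode` of 0 to 3); the field names, the per-phase policy and the sample report are constructed for the example and are not real scan output.

```python
"""Pipeline security gate: fail a build when a dynamic scan report carries
findings above the risk level agreed for the current SDLC phase.

Added example (not code from the paper).  The report layout is a
simplified shape modelled on OWASP ZAP's JSON report: a list of sites,
each with a list of alerts carrying a 'riskcode' of 0..3.  The field
names and the sample report below are assumptions constructed for this
example, not real scan output.
"""
import json
import sys
from collections import Counter

# Risk codes as used by ZAP-style reports (assumption for this example).
RISK_NAMES = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}
MAX_RISK = max(RISK_NAMES)

# Highest risk level a build may still carry in each SDLC phase: a feature
# branch may ship with Medium findings open, a release may not.
PHASE_POLICY = {"development": 2, "staging": 1, "release": 0}

# Constructed sample report for the worked example below.
SAMPLE_REPORT = json.dumps({
    "site": [{
        "@name": "https://app.example.test",
        "alerts": [
            {"name": "Content Security Policy (CSP) Header Not Set", "riskcode": "1",
             "instances": [{"uri": "https://app.example.test/", "method": "GET"}]},
            {"name": "SQL Injection", "riskcode": "3",
             "instances": [{"uri": "https://app.example.test/search?q=1",
                            "method": "GET", "param": "q"}]},
            {"name": "X-Content-Type-Options Header Missing", "riskcode": "1",
             "instances": [{"uri": "https://app.example.test/", "method": "GET"}]},
            {"name": "Cookie Without Secure Flag", "riskcode": "2",
             "instances": [{"uri": "https://app.example.test/login", "method": "POST"}]},
        ],
    }],
})


def load_alerts(report_text):
    """Flatten every alert of every site into dicts with an integer risk.

    A riskcode that is missing or not parseable is treated as High so that
    a malformed report cannot slip a finding past the gate (fail closed).
    """
    data = json.loads(report_text)
    alerts = []
    for site in data.get("site", []):
        for alert in site.get("alerts", []):
            try:
                risk = int(alert["riskcode"])
            except (KeyError, TypeError, ValueError):
                risk = MAX_RISK
            risk = min(max(risk, 0), MAX_RISK)
            alerts.append({
                "name": alert.get("name", "<unnamed>"),
                "risk": risk,
                "instances": len(alert.get("instances", [])),
            })
    return alerts


def summarize(alerts):
    """Count alerts per risk name, e.g. {'Low': 2, 'Medium': 1, 'High': 1}."""
    return dict(Counter(RISK_NAMES[a["risk"]] for a in alerts))


def evaluate_gate(report_text, phase, accepted=()):
    """Return (passed, violations) for the given SDLC phase.

    `accepted` lists alert names whose risk has been formally accepted and
    ticketed; they are still reported but do not block the build.
    """
    max_allowed = PHASE_POLICY[phase]
    violations = [a for a in load_alerts(report_text)
                  if a["risk"] > max_allowed and a["name"] not in accepted]
    return len(violations) == 0, violations


if __name__ == "__main__":
    # Usage: python gate.py <phase> [report.json]; exits 1 when the gate fails.
    phase = sys.argv[1] if len(sys.argv) > 1 else "release"
    text = open(sys.argv[2]).read() if len(sys.argv) > 2 else SAMPLE_REPORT
    passed, found = evaluate_gate(text, phase)
    print(f"{phase}: summary={summarize(load_alerts(text))}")
    for v in found:
        print(f"  BLOCKING {RISK_NAMES[v['risk']]}: {v['name']} "
              f"({v['instances']} instance(s))")
    sys.exit(0 if passed else 1)
```

Two design choices matter here. The threshold tightens as code moves toward release, so a finding that is tolerable on a feature branch becomes blocking before deployment instead of being discovered after a breach. And the parser fails closed: an alert with an unreadable risk code is counted as High, so a truncated or hand-edited report cannot quietly pass the gate.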
