Shear wave velocity measurements during penetration testing

Hepton, Peter

January 1989

No description available.

631.4

Seismic penetration testing

Cone Penetration Testing and Hydrogeological Monitoring of a Retrogressive Landslide in Champlain Sea Clay

Potvin, JOSHUA

28 September 2013

Champlain Sea Clay (also known as Leda Clay) is a sensitive marine clay that was deposited within the limits of the Champlain Sea transgression during the final retreat of the Laurentide ice sheet. Upon isostatic rebound, the watersheds incised deep river valleys throughout the Ottawa region. These sensitive clay river banks have been shown to be highly susceptible to large retrogressive landslides. A cone penetration testing and hydrogeological program was developed in this thesis to characterize a retrogressive landslide along a creek valley consisting mainly of Champlain Sea Clay. As Champlain Sea Clay has been commonly shown to consist of banded layers, a 2 cm2 piezocone, and 5 cm2, 10 cm2 and 15 cm2 CPTu cones were used to demonstrate that the slightly larger 5 cm2 penetrometer was the most practical size for investigating landslides in Champlain Sea Clay. In doing so, the 5 cm2 cone was capable of high resolution stratigraphic profiling, locating remoulded layers for slip surface detection and characterizing the Champlain Sea Clay landslide near Ottawa. Due to the significant effects of the pore pressure distribution on slope stability and retrogressive behavior, a long term hydrogeological program was initiated which defined the ground water regime and real-time pore pressure data during a retrogressive landslide event. The seasonal change in the ground water regime from rapid snowmelt has shown to be a significant hydrogeological influence on triggering a retrogressive landslide along Mud Creek. With regular monitoring over multiple seasons, the seasonal pore pressure changes can be used to further understand the long term development of retrogressive landslides in Champlain Sea Clay. / Thesis (Master, Civil Engineering) -- Queen's University, 2013-09-27 14:13:40.196

landslide

cone penetration testing

piezometers

geotechnical investigation

Cloud Security : Penetration Testing of Application in Micro-service architecture and Vulnerability Assessment.

Kothawade, Prasad, Bhowmick, Partha Sarathi

January 2019

Software as a Service (SaaS) is a modern software product model that provides an awesome experience and dynamic platform for the expedition, communication and creating new features in a short amount of time. Cloud platforms provide an outstanding foundation for Software as a solution with their on user-demand infrastructure and application service. We can say that microservice architecture as the optional architecture for a cloud-hosted solution. Microservice architecture is not that much build-up, it just started getting attraction from various industries who want to market for their product in a short time by expanding productivity through increasing automation in the whole product lifecycle[1]. Microservice architecture approach come-up with lots of new complexity and it need a certain level of maturity development to confidently apply the architectural style. The challenge we are facing is how do we make sure the system stays safe and doesn't get hacked or leak data in this more complex and versatile cloud environment. Hence, we need to do penetration testing on the newly developed application in a microservice architecture.

Micro- Service

Penetration Testing

Cloud Security

Engineering and Technology

Teknik och teknologier

A Model-driven Penetration Test Framework for Web Applications

Xiong, Pulei

12 January 2012

Penetration testing is widely used in industry as a test method for web application security assessment. However, penetration testing is often performed late in a software development life cycle as an isolated task and usually requires specialized security experts. There is no well-defined test framework providing guidance and support to general testers who usually do not have in-depth security expertise to perform a systematic and cost-efficient penetration test campaign throughout a security-oriented software development life cycle. In this thesis, we propose a model-driven penetration test framework for web applications that consists of a penetration test methodology, a grey-box test architecture, a web security knowledge base, a test campaign model, and a knowledge-based PenTest workbench. The test framework enables general testers to perform a penetration test campaign in a model-driven approach that is fully integrated into a security-oriented software development life cycle. Security experts are still required to build up and maintain a web security knowledgebase for test campaigns, but the general testers are capable of developing and executing penetration test campaigns with reduced complexity and increased reusability in a systematic and cost-efficient approach. A prototype of the framework has been implemented and applied to three web applications: the benchmark WebGoat web application, a hospital adverse event management system (AEMS), and a palliative pain and symptom management system (PAL-IS). An evaluation of the test framework prototype based on the case studies indicates the potential of the proposed test framework to improve how penetration test campaigns are performed and integrated into a security-oriented software development life cycle.

Penetration Testing

Test Framework

Web Application Security

Model-Driven

A Model-driven Penetration Test Framework for Web Applications

Xiong, Pulei

12 January 2012

Penetration testing is widely used in industry as a test method for web application security assessment. However, penetration testing is often performed late in a software development life cycle as an isolated task and usually requires specialized security experts. There is no well-defined test framework providing guidance and support to general testers who usually do not have in-depth security expertise to perform a systematic and cost-efficient penetration test campaign throughout a security-oriented software development life cycle. In this thesis, we propose a model-driven penetration test framework for web applications that consists of a penetration test methodology, a grey-box test architecture, a web security knowledge base, a test campaign model, and a knowledge-based PenTest workbench. The test framework enables general testers to perform a penetration test campaign in a model-driven approach that is fully integrated into a security-oriented software development life cycle. Security experts are still required to build up and maintain a web security knowledgebase for test campaigns, but the general testers are capable of developing and executing penetration test campaigns with reduced complexity and increased reusability in a systematic and cost-efficient approach. A prototype of the framework has been implemented and applied to three web applications: the benchmark WebGoat web application, a hospital adverse event management system (AEMS), and a palliative pain and symptom management system (PAL-IS). An evaluation of the test framework prototype based on the case studies indicates the potential of the proposed test framework to improve how penetration test campaigns are performed and integrated into a security-oriented software development life cycle.

Penetration Testing

Test Framework

Web Application Security

Model-Driven

A Model-driven Penetration Test Framework for Web Applications

Xiong, Pulei

12 January 2012

Penetration testing is widely used in industry as a test method for web application security assessment. However, penetration testing is often performed late in a software development life cycle as an isolated task and usually requires specialized security experts. There is no well-defined test framework providing guidance and support to general testers who usually do not have in-depth security expertise to perform a systematic and cost-efficient penetration test campaign throughout a security-oriented software development life cycle. In this thesis, we propose a model-driven penetration test framework for web applications that consists of a penetration test methodology, a grey-box test architecture, a web security knowledge base, a test campaign model, and a knowledge-based PenTest workbench. The test framework enables general testers to perform a penetration test campaign in a model-driven approach that is fully integrated into a security-oriented software development life cycle. Security experts are still required to build up and maintain a web security knowledgebase for test campaigns, but the general testers are capable of developing and executing penetration test campaigns with reduced complexity and increased reusability in a systematic and cost-efficient approach. A prototype of the framework has been implemented and applied to three web applications: the benchmark WebGoat web application, a hospital adverse event management system (AEMS), and a palliative pain and symptom management system (PAL-IS). An evaluation of the test framework prototype based on the case studies indicates the potential of the proposed test framework to improve how penetration test campaigns are performed and integrated into a security-oriented software development life cycle.

Penetration Testing

Test Framework

Web Application Security

Model-Driven

Why Johnny Still Can’t Pentest: A Comparative Analysis of Open-source Black-box Web Vulnerability Scanners

Khalil, Rana Fouad

19 December 2018

Black-box web application vulnerability scanners are automated tools that are used to crawl a web application to look for vulnerabilities. These tools are often used in one of two ways. In the first approach, scanners are used as Point-and-Shoot tools where a scanner is only given the root URL of an application and asked to scan the site. Whereas, in the second approach, scanners are first configured to maximize the crawling coverage and vulnerability detection accuracy. Although the performance of leading commercial scanners has been thoroughly studied, very little research has been done to evaluate open-source scanners. This paper presents a feature and performance evaluation of five open-source scanners. We analyze the crawling coverage, vulnerability detection accuracy, scanning speed, report- ing and usability features. The scanners are tested against two well known benchmarks: WIVET and WAVSEP. Additionally, the scanners are tested against a realistic web application called WackoPicko. The chosen benchmarks are composed of a wide range of vulnerabilities and crawling challenges. Each scanner is tested in two modes: default and configured. Lastly, the scanners are compared with the state of the art commercial scanner Burp Suite Professional. Our results show that being able to properly crawl a web application is a critical task in detecting vulnerabilities. Unfortunately, the majority of the scanners evaluated had difficulty crawling through common web technologies such as dynamically generated JavaScript content and Flash applications. We also identified several classes of vulnerabilities that are not being detected by the scanners. Furthermore, our results show that scanners displayed considerable improvement when run in configured mode.

web application

vulnerability scanners

penetration testing

web security

A Model-driven Penetration Test Framework for Web Applications

Xiong, Pulei

January 2012

Penetration testing is widely used in industry as a test method for web application security assessment. However, penetration testing is often performed late in a software development life cycle as an isolated task and usually requires specialized security experts. There is no well-defined test framework providing guidance and support to general testers who usually do not have in-depth security expertise to perform a systematic and cost-efficient penetration test campaign throughout a security-oriented software development life cycle. In this thesis, we propose a model-driven penetration test framework for web applications that consists of a penetration test methodology, a grey-box test architecture, a web security knowledge base, a test campaign model, and a knowledge-based PenTest workbench. The test framework enables general testers to perform a penetration test campaign in a model-driven approach that is fully integrated into a security-oriented software development life cycle. Security experts are still required to build up and maintain a web security knowledgebase for test campaigns, but the general testers are capable of developing and executing penetration test campaigns with reduced complexity and increased reusability in a systematic and cost-efficient approach. A prototype of the framework has been implemented and applied to three web applications: the benchmark WebGoat web application, a hospital adverse event management system (AEMS), and a palliative pain and symptom management system (PAL-IS). An evaluation of the test framework prototype based on the case studies indicates the potential of the proposed test framework to improve how penetration test campaigns are performed and integrated into a security-oriented software development life cycle.

Penetration Testing

Test Framework

Web Application Security

Model-Driven

Aplikace na podporu testování bezpečnosti webových aplikací / Application that supports penetration tests of web applications

Holovová, Simona

January 2020

This master´s thesis is about the security of web applications and penetration testing. The main goal is to gain knowledge about testing methodologies OWASP Testing Guide and ASVS and to implement this knowledge into a web application to assist during manual penetration testing. The theoretical part of the thesis describes both methodologies and web technologies used during the development of the application. The practical part of the thesis is about the design of the application based on the specification, its implementation, and security hardening.

The Effects of Vibration on the Penetration Resistance and Pore Water Pressure in Sands

Bonita, John Anthony

07 November 2000

The current approach for using cone penetration test data to estimate soil behavior during seismic loading involves the comparison of the seismic stresses imparted into a soil mass during an earthquake to the penetration resistance measured during an in-situ test. The approach involves an indirect empirical correlation of soil density and other soil related parameters to the behavior of the soil during the loading and does not involve a direct measurement of the dynamic behavior of the soil in-situ. The objective of this research was to develop an approach for evaluating the in-situ behavior of soil during dynamic loading directly through the use of a vibrating piezocone penetrometer. Cone penetration tests were performed in a large calibration chamber in saturated sand samples prepared at different densities and stress levels. A total of 118 tests were performed as part of the study. The piezocone penetrometer used in the investigation was subjected to a vibratory load during the penetration test. The vibratory units used in the investigations were mounted on top of a 1m section of drill rod that was attached at the lower end to the cone penetrometer. Pneumatic impact, rotary turbine, and counter rotating mass vibrators were used in the investigation. The vibration properties generated by the vibratory unit and imparted into the soil were measured during the penetration test by a series of load cells and accelerometers mounted below the vibrator and above the cone penetrometer, respectively. The tip resistance, sleeve friction and pore water pressure were also measured during the test by load cells and transducers in the cone itself. The vibration and cone data were compiled and compared to evaluate the effect of the vibration on the penetration resistance and pore water pressure in the soil mass. The results of the testing revealed that the influence of the vibration on the penetration resistance value decreased as the density and the mean effective stress in the soil increased, mainly because the pore water pressure was not significantly elevated throughout the entire zone of influence of the cone penetometer at the elevated stress and density conditions. An analysis of the soil response during the testing resulted in the generation of a family of curves that relates the soil response during the vibratory and static penetration to the vertical effective stress and density of the soil. The data used to generate the curves seem to agree with the proposed values estimated through the empirical relationship. An evaluation of the effects of the frequency of vibration was also performed as part of the study. The largest reduction in penetration resistance occurred when the input vibration approximated the natural frequency of the soil deposit, suggesting that resonance conditions existed between the input motion and the soil. An energy-based approach was developed to compare the energy imparted into the soil by the vibrator to the energy capacity of the soil. The input energy introduced into the soil mass prior to the reduction in penetration resistance agrees well with the energy capacity of the soil, especially in tests at the low effective stress level where a high excess pore water pressure was observed. / Ph. D.

Pore Water Pressure

Soil Dynamics

Liquefaction

Cone Penetration Testing

Vibration