Security in Smart Grids
Published in Hongjian Sun, Chao Wang, Bashar I. Ahmad, From Internet of Things to Smart Cities, 2017
Julia Sánchez, Agustín Zaballos, Ramon Martin de Pozuelo, Guiomar Corral, Alan Briones
The Reconnaissance phase is not performed because the information needed about the target system is already known. The analysis uses Gray Box testing because some information about the system is known. Then, in the Scanning phase, open ports and running services are discovered. The Nmap tool has been used to build a fingerprint of the target. The scan discloses information about open ports, running services and their versions, and the operating systems used. Next, a Vulnerabilities analysis step looks for vulnerabilities associated with the components, based on their technical characteristics and on the services running in the system that were discovered in the Scanning phase. It is possible to search CVE (Common Vulnerabilities and Exposures) databases to check the vulnerabilities associated with the components used and the services discovered. All possible vulnerabilities have been analyzed, and their impact on the Confidentiality and Integrity of data and the Availability of services has been evaluated. In addition, an Implementation vulnerabilities analysis is performed on the API's code to find vulnerabilities associated with authentication methods, file storage operations and the creation of containers for storing data. Some tests have been performed against the API to check for vulnerabilities due to poor code writing or poor application design. In the Exploitation phase, some tests have been performed using the information gathered in the Scanning phase and the vulnerabilities analysis, thus checking whether the system is robust enough against some feasible attacks and vulnerabilities. Different types of attacks and their impact on the Confidentiality and Integrity of data and the Availability of services have been evaluated: Injection attacks (SQL injection, Cross-Site Request Forgery and Cross-Site Scripting), SSL-related attacks (using sniffing methods and the SSLStrip tool) and DoS attacks.
Finally, in the Reporting phase, processes, tests and results are reported to conclude the security audit, including solutions or countermeasures to problems found.
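The hand-off from the Scanning phase to the Vulnerabilities analysis step can be made concrete with the following added example, which is not code from the chapter or its authors. It assumes the scan was saved in Nmap's XML format (`-oX` with `-sV -O`); the sample XML is constructed, and the function names `service_inventory` and `needs_manual_identification` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output (not data from the audit described above).
SAMPLE_XML = """<nmaprun scanner="nmap">
<host><address addr="192.0.2.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/>
<service name="ssh" product="OpenSSH" version="7.4"><cpe>cpe:/a:openbsd:openssh:7.4</cpe></service></port>
<port protocol="tcp" portid="443"><state state="open"/>
<service name="http" tunnel="ssl"/></port>
<port protocol="tcp" portid="8080"><state state="closed"/><service name="http-proxy"/></port>
</ports>
<os><osmatch name="Linux 3.10 - 4.11" accuracy="96"/></os>
</host></nmaprun>"""


def service_inventory(xml_text):
    """One record per open port: host, OS guess, service, version, CPE names."""
    records = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        os_match = host.find("os/osmatch")
        os_name = os_match.get("name") if os_match is not None else None
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed or filtered ports are not part of the exposed surface
            svc = port.find("service")
            if svc is None:
                svc = ET.Element("service")  # port open, service not identified
            records.append({
                "host": addr,
                "os": os_name,
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": svc.get("name"),
                "product": svc.get("product"),
                "version": svc.get("version"),
                # CPE names are the keys used to search CVE databases.
                "cpes": [c.text for c in svc.findall("cpe")],
            })
    return records


def needs_manual_identification(records):
    """Open services with no version or CPE cannot be matched to CVE entries yet."""
    return [r for r in records if not r["version"] and not r["cpes"]]
```

Records with a CPE name go straight to the CVE lookup; those returned by `needs_manual_identification` have to be identified from the known system documentation first, which the Gray Box setting makes possible.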
AI-enabled IoT penetration testing: state-of-the-art and research challenges
Published in Enterprise Information Systems, 2023
Claudia Greco, Giancarlo Fortino, Bruno Crispo, Kim-Kwang Raymond Choo
• Web application vulnerabilities such as client-side injection, cross-site scripting (XSS), sensitive data leakage, insecure authentication and authorisation mechanisms, and cross-site request forgery (CSRF) (Gupta (2019)).