Achieving Successful Software Penetration Testing

Prepared By Editor-in-Chief

International Journal of Innovative Solutions in Engineering is published semi-annually.

ISSN: 3029-3200

Doris Musa* and Ivan Markić

This article belongs to Vol. 1 No. 1, 2025

D. Musa and I. Markić, “Achieving Successful Software Penetration Testing,” International Journal of Innovative Solutions in Engineering, vol. 1, no. 1, pp. 1–9, Jan. 2025, doi: 10.47960/3029-3200.2025.1.1.1.

pages 1-9


This article is archived in Zenodo

Zenodo Archive DOI: 10.5281/zenodo.17039281
