CRiPT: Cryptography in Penetration Testing

  • Sachin Ahuja
  • Rahul Johari
  • Chetna Khokhar
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 381)


The speed at which software is developed worldwide to meet customer requirements is increasing day by day. In order to meet customer target-oriented deadlines, software is developed at a fast pace, often missing vital security checks in the process. These checks become crucial when the developed software is deployed over a network in a client–server architecture, and more significantly in an MVC (Model View Controller) architecture. One may then ask what the solution is. A possible answer lies in secure system software engineering that incorporates the principles of penetration testing. Penetration testing is an amicable and accepted solution; it might not be a perfect one, but it is effective. A penetration test is an attack on a system with the intent of finding security loopholes and potentially gaining access to the system, its functionality and its data. In this work, we propose a methodology for implementing penetration testing. We use several cryptographic algorithms, such as AES, DES, MD5, and SHA, to demonstrate our unique methodology, which blends cryptographic techniques with software engineering principles.


Keywords: MD5, AES, DES, SHA-1, Plaintext, Ciphertext



The authors wish to extend sincere thanks to the administration of GGSIP University for providing a rich academic and research-oriented environment.



Copyright information

© Springer India 2016

Authors and Affiliations

  1. USICT, GGSIP University, Dwarka, India
