CRiPT: Cryptography in penetration testing

Abstract

The speed and the rate at which the softwares are developed worldwide to meet the customer requirement(s) is increasing day by day. In order to meet the customer target-oriented deadline(s), the softwares are developed at fast pace, often missing vital security checks in the process. These checks become crucial when the software developed are deployed over the network in the client–server architecture and more significantly in the MVC (Model View Controller) architecture scenario. Then one may ask what is the solution? Possible answer is in secure system software engineering which incorporates principles of penetration testing. Penetration testing is one of the amicable and acceptable solution. It might not be a perfect one but it is effective. A penetration test is an attack on the system with the intent of finding security loopholes, potentially gaining access to it, its functionality and data. In this work, we have proposed a methodology for implementing penetration testing. We have taken several cryptographic algorithms such as AES, DES, MD5, and SHA to demonstrate our unique methodology which blends the cryptographic techniques with software engineering principles.