web application information gathering (IG) and vulnerability assessment (VA) is an important step to protect the cyber defense of systems or networks and live web applications. Day by day growing internet connection everywhere remains connected to each other in the world. Web application security major captative of all cyberspace in information gathering. So there is various kind of tool available in the world for website information gathering and vulnerability assessment. Vulnerability assessment and web application information gathering tools have own format and functionality. Mostly information gathering and vulnerability assessment tools are too much costly and also some tool is open source. In market various information gathering and vulnerability assessment tools are available but they are not able to give 100 % accuracy and solution to find out particular vulnerability as per CWE. Our approach to combine multiple information gathering and vulnerability assessment tools (open source). The (Cyberdrone) tool will approach to provide good timing accuracy and efficiency also more security open source effective solutions for information gathering and vulnerability assessment on a web application. Easy to download proper reports and time will decrease using automated tools compare to manual testing.

web application, information gathering, vulnerability assessment, open source intelligence (osint) tool, and scheduler

[1] The size of the World Wide Web (The Internet) http://www.worldwidewebsize.com/ access on 27 October-2018.
[2] Khushal Singh, Vikas, “Analysis of Security Issues in Web Applications through Penetration Testing”, International Journal of Emerging Research in Management &Technology, Volume 3, March 2014.
[3] Creative common attribution. ” Top 10-2017 Top 10” access on 10 august, 2018. Https://www.owasp.org/index.php/Top_10-2017_Top_10.
[4] CWE view: weaknesses in owasp top ten(2017) https://cwe.mitre.org/data/definitions/1026.html access on 23 october,2018
[5] Sugandh Shah, B.M. Mehtre, “A Reliable Strategy for Proactive Self-Defence in Cyber Space using vapt tools and Techniques” IEEE International Conference on Computational Intelligence and Computing Research- 2013
[6] Sugandh Shah, B.M. Mehtre, “An Automated Approach to Vulnerability Assessment and Penetration Testing using Net-Nirikshak 1.0” IEEE International Conference on Advanced Communication Control and Computing Technologies (ICACCCT) -2014
[7] Jai Narayan Goel, Mohsen Hallaj Asghar, Vivek Kumar, Sudhir Kumar Pandey “Ensemble Based Approach to Increase Vulnerability Assessment and Penetration Testing Accuracy” 1st International Conference on Innovation and Challenges in Cyber Security (ICICCS 2016)
[8] Jai Narayan Goela, BM Mehtreb “Vulnerability Assessment & Penetration Testing as a Cyber Defence Technology” Peer-review under responsibility of organizing committee of the 3rd International Conference on Recent Trends in Computing 2015 (ICRTC-2015) doi: 10.1016/j.procs.2015.07.458
[9] Muiruri Chris Karumba, Samuel Ruhiu, Christopher A. Moturi “A Hybrid Algorithm for Detecting Web Based Applications Vulnerabilities” American Journal of Computing Research Repository, 2016, Vol. 4, No. 1, 15-20
[10] Robert Vibhandik ; Arijit Kumar Bose “Vulnerability assessment of web applications - a testing approach” 2015 Forth International Conference on e-Technologies and Networks for Development (ICEND)
[11] Insha Altaf, Firdous ul Rashid. Jawed Ahmad Dar, Mohd. Rafiq “Vulnerability Assessment and Patching Management” 2015 International Conference on Soft Computing Techniques and Implementations (ICSCTI)
[12] Nor Izyani Daud, Khairul Azmi Abu Bakar, Mohd Shafeq Md Hasan (Malaysia) “A Case Study On Web Application Vulnerability Scanning Tools ” IEEE - Science and Information Conference 2014 London, UK
[13] Xia wang, ke zhang, qingtian wu (china) “A Design of Security Assessment System for E-commerce Website” IEEE 2015 8th international symposium on computational intelligence and design
[14] Ahana Roy, Louis Mejia, Paul Helling, Aspen Olmsted (Charleston) “Automation of Cyber-reconnaissance: A Java-based Open Source Tool For Information Gathering” IEEE The 12th International Conference for Internet Technology and Secured Transactions (ICITST-2017)
[15] Sonja Glumich, Juanita Riley, Paul Ratazzi, and Amanda Ozanam (USA) “BP: Integrating Cyber Vulnerability Assessments Earlier Into the Systems Development Lifecycle” 2018 IEEE Secure Development Conference
[16] Arni ariani, john lewis, pradeep K. Ray (china) “The Vulnerability Assessment For Emergency Response Plans” 2016 IEEE international symposium on technology and society (ISTAS).
[17] Dzone Web Dev Zone https://dzone.com/articles/types-of-web-applications-from-a-static-web-page-t access on 29 October 2018
[18] Hybrid approach https://searchsoftwarequality.techtarget.com/definition/hybrid-application-hybrid-app access on 3 march - 19
[19] Scheduler concept https://www.tutorialspoint.com/operating_system/os_process_scheduling.htm access on 27 Jan - 19
[20] Scheduler information https://www.tutorialspoint.com/operating_system/os_process_scheduling_algorithms.htm access on 4 jan-19
[21] Information gathering open source tool list https://securitytrails.com/blog/top-20-intel-tools access on 30 march - 19
[22] Vulnerability assessment tool list https://www.owasp.org/index.php/Category:Vulnerability_Scanning_Tools access on 2 Feb. – 19
[23] Ethical hacking information gathering https://www.macfro.com/ethical_hacking_information_gathering/ access on 23 October, 2018
[24] Tool information https://www.kali.org/ access on 24 March - 19
[25] Scheduler concept https://www.tutorialspoint.com/operating_system/os_process_scheduling.htm access on Jan - 19
[26] R. Saliha Bathool, K.Vijayalakshmi “Automated Detection of Legitimate Java Script Code from a Malicious Injected Code and Improvising the Time Efficiency” International Journal of Science Research In Network Security And Communication, volume -5, issue-4, august 2017.
[27] Nidhi Vora, Chandresh Parekh “ Vulnerability Assessment and Penetration Testing in Web Application and Its Prevention” International Journal of Scientific Research in Computer Science, Engineering and Information Technology, volume2, issue 6, 2017.