<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">kaz29</journal-id><journal-title-group><journal-title xml:lang="ru">Вестник Казахстанско-Британского технического университета</journal-title><trans-title-group xml:lang="en"><trans-title>Herald of the Kazakh-British Technical University</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">1998-6688</issn><issn pub-type="epub">2959-8109</issn><publisher><publisher-name>Казахстанско-Британский Технический Университет</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.55452/1998-6688-2023-20-2-125-136</article-id><article-id custom-type="elpub" pub-id-type="custom">kaz29-713</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>КОМПЬЮТЕРНЫЕ НАУКИ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>COMPUTER SCIENCE</subject></subj-group></article-categories><title-group><article-title>РАЗРАБОТКА БЕЗОПАСНОЙ СИСТЕМЫ ЛОГИРОВАНИЯ И УПРАВЛЕНИЯ ДЛЯ ТЕСТИРОВАНИЯ НА ПРОНИКНОВЕНИЕ</article-title><trans-title-group xml:lang="en"><trans-title>DEVELOPMENT OF A SECURE LOGGING AND MANAGEMENT SYSTEM FOR PENETRATION TESTING</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0003-1257-6368</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Самбурская</surname><given-names>С. А.</given-names></name><name name-style="western" xml:lang="en"><surname>Samburskaya</surname><given-names>S. А.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Самбурская София Александровна, Магистрант кафедры «Компьютерная инженерия», тьютор кафедры «Кибербезопасность»</p><p>ул. Манаса, 34, 050040, Алматы</p></bio><bio xml:lang="en"><p>Samburskaya Sofiya Alexandrovna, Master student of the Computer Engineering Department, Tutor of the Cybersecurity Department</p><p>Manas st., 34, 050040, Almaty</p></bio><email xlink:type="simple">ofiya.samburskaya@gmail.com</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru">Международный университет информационных технологий<country>Казахстан</country></aff><aff xml:lang="en">International information technology university<country>Kazakhstan</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2023</year></pub-date><pub-date pub-type="epub"><day>02</day><month>07</month><year>2023</year></pub-date><volume>20</volume><issue>2</issue><fpage>125</fpage><lpage>136</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Самбурская С.А., 2023</copyright-statement><copyright-year>2023</copyright-year><copyright-holder xml:lang="ru">Самбурская С.А.</copyright-holder><copyright-holder xml:lang="en">Samburskaya S.А.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://vestnik.kbtu.edu.kz/jour/article/view/713">https://vestnik.kbtu.edu.kz/jour/article/view/713</self-uri><abstract><p>Сфера информационной безопасности в Казахстане с каждым годом затрагивает все большее количество отраслей, и тестирование на проникновение также набирает популярность, так как является одним из ключевых методов оценки безопасности и рисков компании. Данная статья посвящена исследованию и разработке веб-приложения для обеспечения полного контроля над процессом тестирования на проникновение: мониторинг выполнения задач и проектов, ведение отчетов по всем процессам, разделение задач между сотрудниками. Система менеджмента автоматически осуществляет подбор рекомендаций по устранению уязвимостей и генерирует отчеты о проведенном тестировании на проникновение. Как алгоритм классификации используется древо решений. Разграничение пользователей по уровням доступа, структурированное хранение данных, автоматическая фиксация результатов тестирования, генерация отчетов и подбор рекомендаций по устранению уязвимостей делают веб-приложение более совершенным и удобным на фоне аналогичных систем. Важность этого исследования заключается в упрощении осуществления тестирования на проникновение и развития этой услуги в Казахстане, что позволит усилить уровень информационной безопасности на предприятиях всех отраслей.</p></abstract><trans-abstract xml:lang="en"><p>The sphere of information security in Kazakhstan affects an increasing number of industries every year, and penetration testing is also gaining popularity, as it is one of the key methods for assessing the security and risks of a company. This article is devoted to the research and development of a web application to provide full control over the penetration testing process: monitoring the implementation of tasks and projects, reporting on all processes, dividing tasks between employees. The management system automatically selects recommendations for eliminating vulnerabilities and generates reports on penetration testing. As a classification algorithm, a decision tree is used. Differentiation of users by access levels, structured data storage, automatic recording of test results, generation of reports and selection of recommendations for eliminating vulnerabilities make the web application more perfect and convenient compared to similar systems. The importance of this study lies in the simplification of the implementation of penetration testing and the development of this service in Kazakhstan, which will improve the level of information security in enterprises of all industries.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>веб-приложение</kwd><kwd>система управления</kwd><kwd>html</kwd><kwd>css</kwd><kwd>postgresql</kwd><kwd>тест на проникновение</kwd><kwd>django</kwd></kwd-group><kwd-group xml:lang="en"><kwd>web application</kwd><kwd>management system</kwd><kwd>html</kwd><kwd>css</kwd><kwd>postgresql</kwd><kwd>penetration test</kwd><kwd>django</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Canadian Centre for Cyber Security, Cyber Threat and Cyber Threat Actors [online]. ISBN 978-0-660-45950-9. https://www.cyber.gc.ca/sites/default/files/ncta-2022-intro-e.pdf (2020).</mixed-citation><mixed-citation xml:lang="en">Canadian Centre for Cyber Security, Cyber Threat and Cyber Threat Actors [online]. ISBN 978-0-660-45950-9. https://www.cyber.gc.ca/sites/default/files/ncta-2022-intro-e.pdf (2020).</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Verizon, 2019 Data Breach Investigations Report [online]. https://www.nist.gov/system/files/documents/2019/10/16/1-2-dbir-widup.pdf (2019).</mixed-citation><mixed-citation xml:lang="en">Verizon, 2019 Data Breach Investigations Report [online]. https://www.nist.gov/system/files/documents/2019/10/16/1-2-dbir-widup.pdf (2019).</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Bischoff P. (2020) How data breaches affect stock market share prices.</mixed-citation><mixed-citation xml:lang="en">Bischoff P. (2020) How data breaches affect stock market share prices.</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Aileen G. Bacudio, Xiaohong Yuan, Bei-Tseng Bill Chu, Monique Jones (2011) An Overview Of Penetration Testing, International Journal of Network Security &amp; Its Applications, vol.3, no.6.</mixed-citation><mixed-citation xml:lang="en">Aileen G. Bacudio, Xiaohong Yuan, Bei-Tseng Bill Chu, Monique Jones (2011) An Overview Of Penetration Testing, International Journal of Network Security &amp; Its Applications, vol.3, no.6.</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Positive Technologies, External pentests results – 2020, Penetration testing of corporate information systems (2020).</mixed-citation><mixed-citation xml:lang="en">Positive Technologies, External pentests results – 2020, Penetration testing of corporate information systems (2020).</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Hessa Mohammed Zaher Al Shebli, Babak D. Beheshti, A study on penetration testing process and tools, IEEE Long Island Systems, Applications and Technology Conference. https://doi.org/10.1109/LISAT.2018.8378035.</mixed-citation><mixed-citation xml:lang="en">Hessa Mohammed Zaher Al Shebli, Babak D. Beheshti, A study on penetration testing process and tools, IEEE Long Island Systems, Applications and Technology Conference. https://doi.org/10.1109/LISAT.2018.8378035.</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Chiem Trieu Phong, Wei Qi Yan, An Overview of Penetration Testing, International Journal of Digital Crime and Forensics, 25. https://doi.org/10.4018/ijdcf.2014100104.</mixed-citation><mixed-citation xml:lang="en">Chiem Trieu Phong, Wei Qi Yan, An Overview of Penetration Testing, International Journal of Digital Crime and Forensics, 25. https://doi.org/10.4018/ijdcf.2014100104.</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
