LightPEN: Optimizing the Vulnerability Exposures for Lightweight Penetration Test

S. Fugkeaw, Lyhour Hak, Nutsuda Ploysopond, Witchaya Apichonkit, Sirapop Lahankaew
Published in: 2023 15th International Conference on Knowledge and Smart Technology (KST)
Publication date: 2023-02-21
DOI: 10.1109/KST57286.2023.10086896 (https://doi.org/10.1109/KST57286.2023.10086896)
Citation count: 0

Abstract

Penetration Testing (PenTest) is crucial to an organization’s system security. It helps ensure the confidentiality, integrity, and availability of the system and reduces exposure to future risks. Specifically, the PenTest process is usually initiated after the vulnerability assessment (VA) scanning, whose results are used to undertake the PenTest. Significantly, PenTest requires expert testers to thoroughly test each vulnerability found in the VA stage. Hence, the process is expert-dependent and time-consuming. To optimize the set of vulnerabilities to be tested in the PenTest process, we introduce a scheme called LightPEN to support the extraction of known vulnerabilities obtained from existing sources such as local code scanning, notices from vendors and developers, and previous VA reports. In addition, our system provides exploitable scripts for the PenTest process. Finally, we conducted an experiment to demonstrate the efficiency of our proposed system.