Title: A Review of Standardization for Penetration Testing Reports and Documents
Authors: Mohd Zaidi Zakaria, Poon Ai Phin, Nurfarahin Mohmad, Saiful Adli Ismail, M. Kama, O. Yusop
Venue: 2019 6th International Conference on Research and Innovation in Information Systems (ICRIIS), vol. 88, no. 1
Publication date: 2019-12-01
DOI: https://doi.org/10.1109/ICRIIS48246.2019.9073393
Open access: no
Citations: 6
Abstract
Penetration testing, or pen testing, is a simulated cyber-attack conducted to find the vulnerabilities and weaknesses in a computer system. The test is conducted by professionals hired by the organization, who produce a report for the organization to act on. However, the report produced varies from tester to tester, because there is no standardized format for a pen test report approved by any security organization or body. Each tester submits a report based on their findings and their own company's policy. We analyse eight pen test reports available online to find similarities and patterns, so that we can propose a standardized format comprising the components we think are needed in the report. The proposed format also caters to the understanding of both security system personnel and the upper management of the organization. This matters because the technical content of the report may not be clear to top management, which results in them giving less consideration to the vulnerabilities in their system. This standardized report will cater to the needs of both system security personnel and upper management, so that further action is taken to improve the security of their network, servers, computers, firewalls and all of the access channels of their system.