{"title":"Automated penetration testing based on a threat model","authors":"N. A. Almubairik, G. Wills","doi":"10.1109/ICITST.2016.7856742","DOIUrl":null,"url":null,"abstract":"The aim of this work is to propose a systematic penetration testing algorithm guided by a threat model. The use of the threat model in penetration testing ensures that all existing threats are checked and no threat is overlooked through the penetration test process. The objectives of this work are as follows: assembling a package of penetration testing tools (toolkit) to test the security of a equation system. Moreover, considering standard methodologies to design the automated penetration testing. A number of methodologies have been followed during the design of the algorithm. First, a threat model designed at the IT Innovation Centre was used extract threats. These threats were used as a starting point for the penetration testing. Second, the NIST 800-115 standard for penetration testing was followed. Applying the proposed automated penetration testing algorithm to a real system contributes to the reduction of consequences which can result from malicious attacks.","PeriodicalId":258740,"journal":{"name":"2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)","volume":"10 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"23","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICITST.2016.7856742","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 23
Abstract
The aim of this work is to propose a systematic penetration testing algorithm guided by a threat model. The use of the threat model in penetration testing ensures that all existing threats are checked and no threat is overlooked during the penetration test process. The objectives of this work are as follows: assembling a package of penetration testing tools (toolkit) to test the security of an equation system, and considering standard methodologies to design the automated penetration testing. A number of methodologies have been followed during the design of the algorithm. First, a threat model designed at the IT Innovation Centre was used to extract threats. These threats were used as a starting point for the penetration testing. Second, the NIST 800-115 standard for penetration testing was followed. Applying the proposed automated penetration testing algorithm to a real system contributes to the reduction of consequences which can result from malicious attacks.