An Overview of Penetration Testing

Bacudio, Aileen G; Yuan, Xiaohong; Chu, Bei Tseng Bill; Jones, Monique

doi:10.5121/ijnsa.2011.3602

Cited by 66 publications

(30 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…This can involve the testers and the owners of the system working together on what to focus on during the testing process. Grey box penetration tests are in between black box and white box testing where only partial information about the system are provided to the testers [4]. In this work, we focus on black-box testing.…”

Section: Introductionmentioning

confidence: 99%

“…This leads into the debate over spending money on preventive security measures vs. the cost of potential breaches. However, since the cost of a penetration test is typically a fraction of the data breach figure, it makes good business sense to invest in penetration testing and use the information it provides to keep security protocols up to date and learn how to better identify potential vulnerabilities in the future [4].…”

Section: Introductionmentioning

confidence: 99%

“…Social engineering leverages human interaction in order to obtain or compromise sensitive system information. This strategy is used to manage unauthorized access opportunities by assessing the security awareness of employees [4]. In this work, we focus on a combination of network and application penetration testing.…”

Section: Introductionmentioning

confidence: 99%

“…For the most comprehensive results, a system's hardware components and the people that interact with the system must be considered as well [4]. There are three common variations of penetration testing: network testing, application testing, and social engineering.…”

Section: Introductionmentioning

confidence: 99%

“…Penetration tests are classified into three categories: black box, white box, and grey box [4]. Black box penetration tests are conducted with no prior knowledge about the system being tested in order to determine if accessing the system is possible and if so, how much data can be compromised.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

ANEX: Automated Network Exploitation through Penetration Testing

Dazet¹

View full text Add to dashboard Cite

ANEX: Automated Network Exploitation through Penetration Testing Eric Francis DazetCyber attacks are a growing concern in our modern world, making security evaluation a critical venture. Penetration testing, the process of attempting to compromise a computer network with controlled tests, is a proven method of evaluating a system's security measures. However, penetration tests, and preventive security analysis in general, require considerable investments in money, time, and labor, which can cause them to be overlooked. Alternatively, automated penetration testing programs are used to conduct a security evaluation with less user effort, lower cost, and in a shorter period of time than manual penetration tests. The trade-off is that automated penetration testing tools are not as effective as manual tests. They are not as flexible as manual testing, cannot discover every vulnerability, and can lead to a false sense of security. The development of better automated tools can help organizations quickly and frequently know the state of their security measures and can help improve the manual penetration testing process by accelerating repetitive tasks without sacrificing results.This thesis presents Automated Network Exploitation through Penetration Testing (ANEX), an automated penetration testing system designed to infiltrate a computer network and map paths from a compromised network machine to a specified target machine. Our goal is to provide an effective security evaluation solution with minimal user involvement that is easily deployable in an existing system. ANEX demonstrates that important security information can be gathered through automated tools based solely on free-to-use programs. ANEX can also enhance the manual penetration testing process by quickly accumulating information about each machine to develop more focused testing procedures.iv Our results show that we are able to successfully infiltrate multiple network levels and exploit machines not directly accessible to our testing machine with mixed success. Overall, our design shows the efficacy of utilizing automated and open-source tools for penetration testing.

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

ANEX: Automated Network Exploitation through Penetration Testing

Dazet¹

View full text Add to dashboard Cite

show abstract

Addressing Security Properties in Systems of Systems: Challenges and Ideas

Olivero

Bertolino

Mayo

et al. 2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Within growing pervasive information systems, Systems of Systems (SoS) emerge as a new research frontier. A SoS is formed by a set of constituent systems that live on their own with well-established functionalities and requirements, and, in certain circumstances, they must collaborate to achieve a common mission. In this scenario, security is one crucial property that needs to be considered since the early stages of SoS lifecycle. Unfortunately, SoS security cannot be guaranteed by addressing the security of each constituent system separately. The aim of this paper is to discuss the challenges faced in addressing the security of SoS and to propose some research ideas centered around the notion of a mission to be carried out by the SoS.

show abstract