Effective Penetration Testing Report Writing

Alghamdi, Abdulrahman Abdullah

doi:10.1109/iceccme52200.2021.9591097

Cited by 5 publications

(2 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A penetration test is one of the most common methodologies for determining vulnerabilities in different platforms. According to Alghamdi (2021) , penetration testing is crucial for identifying security vulnerabilities, but it is becoming sophisticated and time-consuming, resulting in poor reporting. An HEI can use various penetration test principles and procedures for such purposes.…”

Section: Methodsmentioning

confidence: 99%

A lightweight framework for cyber risk management in Western Balkan higher education institutions

Kepuska,

Tomasevic

2024

PeerJ Computer Science

View full text Add to dashboard Cite

Higher education institutions (HEIs) have a significant presence in cyberspace. Data breaches in academic institutions are becoming prevalent. Online platforms in HEIs are a new learning mode, particularly in the post-COVID era. Recent studies on information security indicate a substantial increase in cybersecurity attacks in HEIs, because of their decentralized e-learning structure and diversity of users. In Western Balkans, there is a notable absence of incident response plans in universities, colleges, and academic institutions. Moreover, e-learning management systems have been implemented without considering security. This study proposes a cybersecurity methodology called a lightweight framework with proactive controls to address these challenges. The framework aims to identify cybersecurity vulnerabilities in learning management systems in Western Balkan countries and suggest proactive controls based on a penetration test approach.

show abstract

Section: Methodsmentioning

confidence: 99%

A lightweight framework for cyber risk management in Western Balkan higher education institutions

Kepuska,

Tomasevic

2024

PeerJ Computer Science

View full text Add to dashboard Cite

show abstract

“…A penetration process is structured based on the area of coverage or the depth of testing. There are five major phases (Figure 3) of penetration testing [71] that should be executed sequentially to complete a cycle. It is a regular process, like an audit, that should be implemented regularly (e.g., once yearly), after implementing new infrastructure or even upgrading a system.…”

Section: Penetration Phasesmentioning

confidence: 99%

Penetration Taxonomy: A Systematic Review on the Penetration Process, Framework, Standards, Tools, and Scoring Methods

2023

View full text Add to dashboard Cite

Cyber attackers are becoming smarter, and at the end of the day, many novel attacks are hosted in the cyber world. Security issues become more complex and critical when the number of services and subscribers increases due to advanced technologies. To ensure a secure environment, cyber professionals suggest reviewing the information security posture of the organization regularly via security experts, which is known as penetration testing. A pen tester executes a penetration test of an organization according to the frameworks and standardization guidelines. Security breaches of the system, loopholes in OS or applications, network vulnerabilities, and breaking data integration scopes are identified, and appropriate remediation is suggested by a pen tester team. The main aim of a penetration process is to fix the vulnerabilities prior to the attack in tangible and intangible resources. Firstly, this review work clarifies the penetration conception and is followed by the taxonomy of penetration domains, frameworks, standards, tools, and scoring methods. It performs a comparison study on the aforementioned items that develops guidelines for selecting an appropriate item set for the penetration process according to the demand of the organization. This paper ends with a constructive observation along with a discussion on recent penetration trends and the scope of future research.

show abstract

W3BnNr: An Automated tool for information gathering, vulnerability scanning, attacking and reporting for injection attacks on web application

Muralidharan

Babu

Sujatha

2023

2023 Advanced Computing and Communication Technologies for High Performance Applications (ACCTHPA)

View full text Add to dashboard Cite

Effective Penetration Testing Report Writing

Cited by 5 publications

References 14 publications

A lightweight framework for cyber risk management in Western Balkan higher education institutions

A lightweight framework for cyber risk management in Western Balkan higher education institutions

Penetration Taxonomy: A Systematic Review on the Penetration Process, Framework, Standards, Tools, and Scoring Methods

W3BnNr: An Automated tool for information gathering, vulnerability scanning, attacking and reporting for injection attacks on web application

Contact Info

Product

Resources

About