An automated method of penetration testing

An automated method of penetration testing was proposed, which is deigned to solve the problems such as high cost and low efficiency in the traditional penetration testing. This method consists of two parts: the automatic generating method of the penetration testing scheme and the automatic executing method of penetration testing scheme. We design and implement an original system which can execute penetration testing automatically, it was named AEPT (automatic executing penetration testing). The system integrates the necessary functions of penetration testing and can execute the penetration testing automatically. The experimental results showed that this method can overcome the problems exist in traditional penetration testing and can dramatically improve the efficiency and the accuracy of penetration testing, greatly reduce the cost of penetration testing.

[1]  Herbert H. Thompson Application Penetration Testing , 2005, IEEE Secur. Priv..

[2]  Daniel Geer,et al.  Penetration testing: a duet , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..

[3]  Alessandro Orso,et al.  Penetration Testing with Improved Input Vector Identification , 2009, 2009 International Conference on Software Testing Verification and Validation.

[4]  Gary McGraw,et al.  Software Penetration Testing , 2005, IEEE Secur. Priv..

[5]  Martin Gilje Jaatun,et al.  Penetration Testing of OPC as Part of Process Control Systems , 2008, UIC.

[6]  Namosha Veerasamy High-Level Methodology for Carrying out Combined Red and Blue Teams , 2009, 2009 Second International Conference on Computer and Electrical Engineering.