论文信息 - Towards a Unified Penetration Testing Taxonomy

Towards a Unified Penetration Testing Taxonomy

Penetration testing is a time consuming process which combines different mechanisms (security standards, protocols, best practices, vulnerability databases, techniques and guidelines) to evaluate computer systems and network vulnerabilities. It's main goal is to identify security weaknesses by using methods and procedures that are commonly used by malicious attackers. Furthermore, the best companies have certificated penetration testers to increase the quality and efficiency of their work. However, the rapid technology evolution increases the complexity and decreases security, and it raises the question if these support mechanisms are adequate and up-to-date. To provide an efficient widespread quality assessment of penetration testing process and mechanisms. Our work is formed to use developed framework to depict an efficient taxonomy over widespread technical and non-technical aspects that cover penetration testing process.

[1] Carl E. Landwehr,et al. Basic concepts and taxonomy of dependable and secure computing , 2004, IEEE Transactions on Dependable and Secure Computing.

[2] Matthew Warren,et al. A critical review of penetration testing methodologies , 2004 .

[3] Matthew J. Warren,et al. Penetration Testing Professional Ethics: a conceptual model and taxonomy , 2006, Australas. J. Inf. Syst..

[4] Karen A. Scarfone,et al. An analysis of CVSS version 2 vulnerability scoring , 2009, ESEM 2009.

[5] Pieter H. Hartel,et al. Two methodologies for physical penetration testing using social engineering , 2009, ACSAC '10.

[6] Sami Petäjäsoja,et al. IMS Threat and Attack Surface Analysis Using Common Vulnerability Scoring System , 2011, 2011 IEEE 35th Annual Computer Software and Applications Conference Workshops.

[7] BackTrack 4 : Assuring Security by Penetration Testing , 2011 .