Penetration testing auditability Alexandros Tsiridis & Stamatios - - PowerPoint PPT Presentation



SLIDE 1

Penetration testing auditability

Alexandros Tsiridis & Stamatios Maritsas

MSc System and Network Engineering

SLIDE 2

What is the purpose of penetration testing auditability?

Research questions

• What are the sources of penetration testing auditability data?
• What methods can be used to effectively audit these sources?
• What methods can be used to store these data efficiently and practically?
• How can penetration testing auditability enhance collaboration during penetration testing?

Introduction to the research

SLIDE 3

Penetration testing is characterised as an art.

• It is not a standardised procedure, meaning it cannot be fully automated.
• Penetration testing auditability cannot be automated.
• Auditability can, however, be improved by using a more structured methodology.

Penetration testing

SLIDE 4

Identifying the sources of auditability data.

• Manual Actions:
  • Command Line
  • Other Actions
• Automated Actions:
  • Command Line tools
  • GUI tools

Sources

SLIDE 5

Identifying the methods that can be used to effectively audit and store these sources.

• Capture the command line streams
• Screen shots
• Screen casting
• Log files and reports of automated tools
• Manual notes
• Centralized storage space

Gathering and storing

SLIDE 6

Penetration testing auditability can enhance collaboration during penetration testing.

• Planning
• Task sharing
• File sharing
• Relation of files with tasks

Collaboration

SLIDE 7

Proposed Methodology / Framework

Framework

SLIDE 8

Prototype Architecture

SLIDE 9

Prototype Implementation

SLIDE 10

Demo

SLIDE 11

Results & Conclusion

• Please rate how this system would improve the performance of pen testing auditability.
• Please rate how this system would improve the quality and the quantity of pen testing auditability data gathered.
• Please rate how this system would improve the collaboration of pen testers.

Mean: 7.75, Median: 8
Mean: 7.5, Median: 7.5
Mean: 7.625, Median: 8

[Figure: three bar charts; axes "Number of pen testers" and "Rate"]

SLIDE 12

Questions
