penetration testing auditability
play

Penetration testing auditability Alexandros Tsiridis & Stamatios - PowerPoint PPT Presentation

Mar 14, 2023 •411 likes •554 views

MSc System and Network Engineering Penetration testing auditability Alexandros Tsiridis & Stamatios Maritsas What is the purpose of penetration testing auditability? Research questions What are the sources of penetration testing

  1. MSc System and Network Engineering Penetration testing auditability Alexandros Tsiridis & Stamatios Maritsas

  2. What is the purpose of penetration testing auditability? Research questions  What are the sources of penetration testing auditability data?  What methods can be used to effectively audit these sources?  What methods can be used to store these data efficiently and practically?  How can penetration testing auditability enhance collaboration during penetration testing? Introduction to the research 2

  3. Penetration testing is characterised as an Art.  It is not a standardised procedure meaning it cannot be fully automated.  Penetration testing auditability can not be automated.  Auditability though can be improved using a more structured methodology. Penetration testing 3

  4. Identifying the sources of auditability data.  Manual Actions:  Command Line  Other Actions  Automated Actions:  Command Line tools  GUI tools Sources 4

  5. Identifying the methods that can be used to effectively audit and store these sources.  Capture the command line streams  Screen shots  Screen casting  Log files and reports of automated tools  Manual notes  Centralized storage space Gathering and storing 5

  6. Penetration testing auditability can enhance collaboration during penetration testing.  Planning  Task sharing  File sharing  Relation of files with tasks Collaboration 6

  7. Proposed Methodology / Framework Framework 7

  8. Prototype Architecture Prototype Architecture 8

  9. Prototype Implementation Prototype Implementation 9

  10. Demo 10

  11. Number of pen testers 5 Results & Conclusion 4 3 Please rate how this system would 2 improve the performance of pen testing 1 auditability. 0 7 8 9 10 Mean: 7.75 Rate Median: 8 5 Number of pen testers 4 Please rate how this system would 3 improve the collaboration of pen 2 testers. 1 Mean: 7.5 0 Median: 7.5 5 6 7 8 9 10 Rate Please rate how this system would 5 Number of pen testers improve the quality and the quantity of 4 pen testing auditability data gathered. 3 2 Mean: 7.625 1 11 Median: 8 0 6 7 8 9 10 Rate

  12. Questions 12

  13. References  http://img10.deviantart.net/3ed0/i/2006/091/e/1/matrix_m ona_lisa_by_ninjakiller.jpg  Daniel Geer and John Harthorne. Penetration testing: A duet. In Computer Security Applications Conference, 2002. Proceedings. 18th Annual, pages 185-195. IEEE, 2002.  http://3vwuw21t7hbk3efr8u2h6dji.wpengine.netdna- cdn.com/wp-content/uploads/2013/03/software- security.jpg  http://www.dokeos.com/wp-content/uploads/2014/06/29- questions-test-Dokeos-FR.jpg  http://www.webops.com/wp-content/uploads/requst-a- demo.jpg References 13

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Web Application Penetration By: Frank Coburn & Haris Mahboob Testing Take Aways Overview

Web Application Penetration By: Frank Coburn & Haris Mahboob Testing Take Aways Overview

Web Application Penetration By: Frank Coburn & Haris Mahboob Testing Take Aways Overview of the web Web proxy tool Reporting Gaps in the process app penetration testing process Penetration testing vs vulnerability assessment What

301 views • 17 slides
Penetration Testing for Certification: What we care about Marcel Medwed marcel.medwed@nxp.com

Penetration Testing for Certification: What we care about Marcel Medwed marcel.medwed@nxp.com

Penetration Testing for Certification: What we care about Marcel Medwed marcel.medwed@nxp.com Outline Common Criteria Evaluation Assurance Levels JHAS Penetration Testing and Countermeasures 2 Design and security of cryptographic

523 views • 40 slides
Testing Dr. Patrick McDaniel Meghan Riegel Fall 2015 What is Penetration Testing? Attacking

Testing Dr. Patrick McDaniel Meghan Riegel Fall 2015 What is Penetration Testing? Attacking

Introduction to Penetration Testing Dr. Patrick McDaniel Meghan Riegel Fall 2015 What is Penetration Testing? Attacking a system to find security vulnerabilities in order to fix them before a malicious party attacks the system Legal if

455 views • 9 slides
Team Cymru Cymru Team Penetration Testing Ryan Connolly, ryan@cymru.com

Team Cymru Cymru Team Penetration Testing Ryan Connolly, ryan@cymru.com

Team Cymru Cymru Team Penetration Testing Ryan Connolly, ryan@cymru.com <http://www.cymru.com> Penetration Testing Agenda Pentesting Basics Pentesting Defined Vulnerability Scanning vs. Penetration testing Pentesting

879 views • 83 slides
Penetration Testing Engineering Secure Software Last Revised: July 28, 2020 SWEN-331:

Penetration Testing Engineering Secure Software Last Revised: July 28, 2020 SWEN-331:

Penetration Testing Engineering Secure Software Last Revised: July 28, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Testing That Digs Deeper Penetration testing is about attempting to exploit as much as possible

516 views • 18 slides
Simulated Penetration Testing: From Dijkstra to Turing Test++ J org Hoffmann June

Simulated Penetration Testing: From Dijkstra to Turing Test++ J org Hoffmann June

What? Classical Attack Graphs POMDPs MDPs Taxonomy And Now? Simulated Penetration Testing: From Dijkstra to Turing Test++ J org Hoffmann June 26, 2015 J org Hoffmann Simulated Penetration Testing 1/58 What? Classical

2.44k views • 184 slides
An Introduction to IoT Penetration Testing @libertyunix www.kmco.com The Agenda n IoT Attack

An Introduction to IoT Penetration Testing @libertyunix www.kmco.com The Agenda n IoT Attack

An Introduction to IoT Penetration Testing @libertyunix www.kmco.com The Agenda n IoT Attack Surface l OWASP IoT Top 10 l -1 Ring in IoT n Wireless Topics in IoT n IoT Pen Testing Tools & Examples n Q&A 2 Getting Started in IoT

923 views • 52 slides
World s first Machine- Based Penetration Testing Solution Take Control, Get CyBot CREST

World s first Machine- Based Penetration Testing Solution Take Control, Get CyBot CREST

World s first Machine- Based Penetration Testing Solution Take Control, Get CyBot CREST certified CREST Certified Cronus is the 1 st CREST certified Automatic Penetration Testing vendor One of top 12 tech companies transforming

611 views • 13 slides
Network Penetration Testing Toolkit NMAP, NETCAT, AND METASPLOIT BASICS DAY OF SHECURITY

Network Penetration Testing Toolkit NMAP, NETCAT, AND METASPLOIT BASICS DAY OF SHECURITY

Network Penetration Testing Toolkit NMAP, NETCAT, AND METASPLOIT BASICS DAY OF SHECURITY February 22. 2019 whoami AND HOW DID I GET HERE? Cecillia Tran Kelly Albrink External network pen testing & web Network pen testing,

882 views • 31 slides
CYBERSECURITY RISK ASSESSMENT AND PENETRATION TESTING FOR BOCES PARTICIPATING SCHOOL DISTRICTS

CYBERSECURITY RISK ASSESSMENT AND PENETRATION TESTING FOR BOCES PARTICIPATING SCHOOL DISTRICTS

CYBERSECURITY RISK ASSESSMENT AND PENETRATION TESTING FOR BOCES PARTICIPATING SCHOOL DISTRICTS RFP #2416 OUR DIFFERENTIATORS Global Risk Atlantic has a deep understanding of Risk Assessment and Penetration Testing on a Assessment global

519 views • 7 slides
Practical Penetration Testing 101 Look mom Im a hacker now! Words of warning Anything

Practical Penetration Testing 101 Look mom Im a hacker now! Words of warning Anything

Practical Penetration Testing 101 Look mom Im a hacker now! Words of warning Anything you do to a remote system without authorization is illegal Use common sense Federal prison is bad Overview of Today Brief overview

348 views • 13 slides
Comparing the Effectiveness of Penetration Testing and Static Code Analysis Detection of SQL

Comparing the Effectiveness of Penetration Testing and Static Code Analysis Detection of SQL

Comparing the Effectiveness of Penetration Testing and Static Code Analysis Detection of SQL Injection Vulnerabilities in Web Services Nuno Antunes, Marco Vieira PRDC 2009 nmsa@dei.uc.pt, mvieira@dei.uc.pt University of Coimbra

370 views • 24 slides
Multi-vendor Penetration Testing in the Advanced Metering Infrastructure: Future Challenges

Multi-vendor Penetration Testing in the Advanced Metering Infrastructure: Future Challenges

Multi-vendor Penetration Testing in the Advanced Metering Infrastructure: Future Challenges DIMACS Workshop on Algorithmic Decision Theory for the Smart Grid Stephen McLaughlin - Penn State University Systems and Internet Infrastructure

590 views • 33 slides
SCADA Testbed for Vulnerability Assessments, Penetration Testing and Incident Forensics Sundar

SCADA Testbed for Vulnerability Assessments, Penetration Testing and Incident Forensics Sundar

SCADA Testbed for Vulnerability Assessments, Penetration Testing and Incident Forensics Sundar Krishnan & Dr. Mingkui Wei Department of Computer Science Sam Houston State University, Huntsville, Texas ISDFS 2019 SC SCADA Ov Overv

635 views • 22 slides
Black Ops 2007: Design Review ing The Web Dan Kaminsky Director of Penetration Testing IOActive

Black Ops 2007: Design Review ing The Web Dan Kaminsky Director of Penetration Testing IOActive

Black Ops 2007: Design Review ing The Web Dan Kaminsky Director of Penetration Testing IOActive Inc. Three Interesting Things Slirpie: Come to my website, be my VPN P0wf: Automagically discovering the toolkits behind the web

407 views • 19 slides
Information Decay + POMDP Incorporating Defenders Behaviour in Autonomous Penetration Testing

Information Decay + POMDP Incorporating Defenders Behaviour in Autonomous Penetration Testing

Information Decay + POMDP Incorporating Defenders Behaviour in Autonomous Penetration Testing Jonathon Schwartz 1 , Hanna Kurniawati 1 , and Edwin El-Mahassni 2 1 1 Research School of Computer Science, ANU 2 Defence Science and Technology

698 views • 16 slides
In Integrated ed Ac AcoD oD system em of of the the or organic nic fr fractio tion of of MSW

In Integrated ed Ac AcoD oD system em of of the the or organic nic fr fractio tion of of MSW

In Integrated ed Ac AcoD oD system em of of the the or organic nic fr fractio tion of of MSW and MSW and se sewage sl sludg udge: e: Case Case study udy A. Piasentin 1 , L. Girotto 1 , G. Moretto 2 , F. Ardolino 3 & F. Cecchi* *Innoven

314 views • 20 slides
conjunction and as a modal particle A BALKANISM ANALYSED FROM THE BULGARIAN PERSPECTIVE

conjunction and as a modal particle A BALKANISM ANALYSED FROM THE BULGARIAN PERSPECTIVE

Uses of as a conjunction and as a modal particle A BALKANISM ANALYSED FROM THE BULGARIAN PERSPECTIVE Anda-Amelia Neagu Universit Ca Foscari - Venice 1. Introduction Linguistic phenomenon common to the languages of the Balkans,

718 views • 20 slides
P ARK R IDGE -N ILES S CHOOL D ISTRICT 64 McKibben Demographic Research, LLC February 25, 2019

P ARK R IDGE -N ILES S CHOOL D ISTRICT 64 McKibben Demographic Research, LLC February 25, 2019

P ARK R IDGE -N ILES S CHOOL D ISTRICT 64 McKibben Demographic Research, LLC February 25, 2019 Jerome McKibben, Ph.D. Rock Hill, SC j.mckibben@mckibbendemographics.com 978-501-7069 McKibben Demographics Park Ridge-Niles School District 64

682 views • 30 slides
24 th Annual PUBLIC WORKS CONFERENCE October 21 & 22, 2020 Due May 29, 2020

24 th Annual PUBLIC WORKS CONFERENCE October 21 & 22, 2020 Due May 29, 2020

24 th Annual PUBLIC WORKS CONFERENCE October 21 & 22, 2020 Due May 29, 2020 Presentations are in the following topic areas or tracks plus more: Municipal Management Design Construction Management Operations & Maintenance

548 views • 5 slides
. Special Programs, Forest Utilization Research FY 2018 LBB Addendum Jessup Page 1 of 9 Forest

. Special Programs, Forest Utilization Research FY 2018 LBB Addendum Jessup Page 1 of 9 Forest

. Special Programs, Forest Utilization Research FY 2018 LBB Addendum Jessup Page 1 of 9 Forest Utilization Research Analyst: Jessup FY 2016 Actual Expenditures by Division by Program FTP PC OE CO T/B LS Total 0.30 FY 2016 Original

213 views • 9 slides
APA investor information and FY14 highlights September 2014 About APA Group APA (29 August 2014)

APA investor information and FY14 highlights September 2014 About APA Group APA (29 August 2014)

APA investor information and FY14 highlights September 2014 About APA Group APA (29 August 2014) APA is Australias largest gas infrastructure business Market A$6.6 billion Gas transmission pipelines and storage USD 6.2bn; GBP 3.8bn;

505 views • 37 slides
Dance is tie hidden language of tie soul Nobody cares if you can 't dance welm. Just get up and

Dance is tie hidden language of tie soul Nobody cares if you can 't dance welm. Just get up and

Dance Competition Single & Duet 2 August 2014 Let us read, and let us dance; these two Let us read, and let us dance; these two amusements will never do any harm to the world. amusements will never do any harm to the world. Dance is tie

300 views • 10 slides
CBG Asset Management Presentation to Bentley Capital AGM 21 st November 2014 Presentation by:

CBG Asset Management Presentation to Bentley Capital AGM 21 st November 2014 Presentation by:

CBG Asset Management Presentation to Bentley Capital AGM 21 st November 2014 Presentation by: Ronni Chalmers AFSL 246790 ABN 12 098 327 809 rchalmers@cbgam.com.au Investment Philosophy Seek stocks that will outperform over 2-3 year time

146 views • 12 slides

More recommend