Title :
Towards a Unified Penetration Testing Taxonomy
Author :
Hudic, Aleksandar ; Zechner, L. ; Islam, Shariful ; Krieg, Christian ; Weippl, Edgar R. ; Winkler, Stefan ; Hable, Richard
Abstract :
Penetration testing is a time consuming process which combines different mechanisms (security standards, protocols, best practices, vulnerability databases, techniques and guidelines) to evaluate computer systems and network vulnerabilities. It´s main goal is to identify security weaknesses by using methods and procedures that are commonly used by malicious attackers. Furthermore, the best companies have certificated penetration testers to increase the quality and efficiency of their work. However, the rapid technology evolution increases the complexity and decreases security, and it raises the question if these support mechanisms are adequate and up-to-date. To provide an efficient widespread quality assessment of penetration testing process and mechanisms. Our work is formed to use developed framework to depict an efficient taxonomy over widespread technical and non-technical aspects that cover penetration testing process.
Keywords :
program testing; security of data; computer systems; consuming process; malicious attackers; network vulnerabilities; security weaknesses; unified penetration testing taxonomy; Conferences; Guidelines; Security; Software; Standards; Taxonomy; Testing; penetration testing; taxonomy;
Conference_Titel :
Privacy, Security, Risk and Trust (PASSAT), 2012 International Conference on and 2012 International Confernece on Social Computing (SocialCom)
Conference_Location :
Amsterdam
Print_ISBN :
978-1-4673-5638-1
DOI :
10.1109/SocialCom-PASSAT.2012.65
