Overview and open issues on penetration test
详细信息 查看全文
- 作者:Daniel Dalalana Bertoglio…
- 关键词:Security testing ; Penetration test ; Systematic mapping study
- 刊名:Journal of the Brazilian Computer Society
- 出版年:2017
- 出版时间:December 2017
- 年:2017
- 卷:23
- 期:1
- 全文大小:1252KB
- 刊物类别:Computer Science
- 刊物主题:Computer Science, general; Computer System Implementation; Operating Systems; Data Structures; Simulation and Modeling;
- 出版者:Springer London
- ISSN:1678-4804
- 卷排序:23
文摘
Several studies regarding security testing for corporate environments, networks, and systems were developed in the past years. Therefore, to understand how methodologies and tools for security testing have evolved is an important task. One of the reasons for this evolution is due to penetration test, also known as Pentest. The main objective of this work is to provide an overview on Pentest, showing its application scenarios, models, methodologies, and tools from published papers. Thereby, this work may help researchers and people that work with security to understand the aspects and existing solutions related to Pentest. A systematic mapping study was conducted, with an initial gathering of 1145 papers, represented by 1090 distinct papers that have been evaluated. At the end, 54 primary studies were selected to be analyzed in a quantitative and qualitative way. As a result, we classified the tools and models that are used on Pentest. We also show the main scenarios in which these tools and methodologies are applied to. Finally, we present some open issues and research opportunities on Pentest.