Publication detail

Penterep: Comprehensive Penetration Testing with Adaptable Interactive Checklists

LAZAROV, W. ŠEDA, P. MARTINÁSEK, Z. KÜMMEL, R.

Original title

Penterep: Comprehensive Penetration Testing with Adaptable Interactive Checklists

Type

journal article in Web of Science, Jimp

Language

English

Original abstract

In the contemporary landscape of cybersecurity, the importance of effective penetration testing is underscored by NIS2, emphasizing the need to assess and demonstrate cyber resilience. This paper introduces an innovative approach to penetration testing that employs interactive checklists, supporting both manual and automated tests, as demonstrated within the Penterep environment. These checklists, functioning as a quantifiable measure of test completeness, guide pentesters through methodological testing, addressing the inherent challenges of the security testing domain. While some may perceive a limitation in the dependency on predefined checklists, the results from a presented case study underscore the criticality of methodological testing. The study reveals that relying solely on fully automated tools would be inadequate to identify all vulnerabilities and flaws without the inclusion of manual tests. Our innovative approach complements established methodologies, such as PTES, OWASP, and NIST, providing crucial support to penetration testers and ensuring a comprehensive testing process. Implemented within the Penterep environment, our approach is designed with deployment flexibility (both on-premises and cloud-based), setting it apart through an overview comparison with existing tools aligned with state-of-the-art penetration testing approaches. This flexible and scalable approach effectively bridges the gap between manual and automated testing, meeting the increasing demands for effectiveness and adaptability in penetration testing.

Keywords

Checklists; Cybersecurity; Ethical hacking; Methodology; Penetration testing; Reporting; Vulnerability assessment

Authors

LAZAROV, W.; ŠEDA, P.; MARTINÁSEK, Z.; KÜMMEL, R.

Published

17. 3. 2025

Publisher

Elsevier

ISSN

1872-6208

Journal

COMPUTERS & SECURITY

Volume

154

Issue

7

Country

United Kingdom of Great Britain and Northern Ireland

Pages from

1

Pages to

16

Number of pages

16

URL

Full text in the Digital Library

BibTex

@article{BUT197057,
  author="Willi {Lazarov} and Pavel {Šeda} and Zdeněk {Martinásek} and Roman {Kümmel}",
  title="Penterep: Comprehensive Penetration Testing with Adaptable Interactive Checklists",
  journal="COMPUTERS \& SECURITY",
  year="2025",
  volume="154",
  number="7",
  pages="1--16",
  doi="10.1016/j.cose.2025.104399",
  issn="1872-6208",
  url="https://www.sciencedirect.com/science/article/pii/S0167404825000884"
}