The problems of system security are well known, but no satisfactory methods to resolve them have ever been discovered. One heuristic method is to use a penetration test with the rationale of finding system flaws before malicious attackers. However, this is a craft-based discipline without an adequate theoretical or empirical basis for justifying its activities and results. We show that both the automated tool and skill-based methods of pen testing are unsatisfactory, because we need to provide understandable evidence to clients about their weaknesses and offer actionable plans to fix the critical ones. We use attack patterns to help develop a pen-testing framework to help avoid the limitations of current approaches.
CITATION STYLE
Blackwell, C. (2014). Towards a penetration testing framework using attack patterns. In Cyberpatterns: Unifying Design Patterns with Security and Attack Patterns (Vol. 9783319044477, pp. 135–148). Springer International Publishing. https://doi.org/10.1007/978-3-319-04447-7_11
Mendeley helps you to discover research relevant for your work.