Ethical dilemmas and dimensions in penetration testing.

Penetration testers are required to attack systems to evaluate their security, but without engaging in unethical behaviour while doing so. Despite work on hacker values and studies into security practice, there is little literature devoted to the ethical pressures associated with penetration testing. This paper presents several ethical dilemmas and dimensions associated with penetration testing; these shed light on the ethical positions taken by penetration testers, and help identify potential fallacies and biases associated with each position

Refining the PoinTER “human firewall” pentesting framework

PurposePenetration tests have become a valuable tool in the cyber security defence strategy, in terms of detecting vulnerabilities. Although penetration testing has traditionally focused on technical aspects, the field has started to realise the importance of the human in the organisation, and the need to ensure that humans are resistant to cyber-attacks. To achieve this, some organisations “pentest” their employees, testing their resilience and ability to detect and repel human-targeted attacks. In a previous paper we reported on PoinTER (Prepare TEst Remediate), a human pentesting framework, tailored to the needs of SMEs. In this paper, we propose improvements to refine our framework. The improvements are based on a derived set of ethical principles that have been subjected to ethical scrutiny.MethodologyWe conducted a systematic literature review of academic research, a review of actual hacker techniques, industry recommendations and official body advice related to social engineering techniques. To meet our requirements to have an ethical human pentesting framework, we compiled a list of ethical principles from the research literature which we used to filter out techniques deemed unethical.FindingsDrawing on social engineering techniques from academic research, reported by the hacker community, industry recommendations and official body advice and subjecting each technique to ethical inspection, using a comprehensive list of ethical principles, we propose the refined GDPR compliant and privacy respecting PoinTER Framework. The list of ethical principles, we suggest, could also inform ethical technical pentests.OriginalityPrevious work has considered penetration testing humans, but few have produced a comprehensive framework such as PoinTER. PoinTER has been rigorously derived from multiple sources and ethically scrutinised through inspection, using a comprehensive list of ethical principles derived from the research literature

A Study of Penetration Testing Processes and Tools

With cybercrimes on the rise, cybersecurity has become very important today. Every company is eager to avoid cybercrimes like data breaches and hacking. To prepare for such incidents, every company has many protection systems in place. However, the best method to test the strength of these protective measures is penetration testing. Every pen tester must consider many factors like budget, time, and scope of the organization’s penetration testing to choose just the right tool for each phase of the process. This project analyzes the most efficient scanning tool by testing them in a Kali Linux environment

Maximizing Penetration Testing Success with Effective Reconnaissance Techniques using ChatGPT

ChatGPT is a generative pretrained transformer language model created using artificial intelligence implemented as chatbot which can provide very detailed responses to a wide variety of questions. As a very contemporary phenomenon, this tool has a wide variety of potential use cases that have yet to be explored. With the significant extent of information on a broad assortment of potential topics, ChatGPT could add value to many information security uses cases both from an efficiency perspective as well as to offer another source of security information that could be used to assist with securing Internet accessible assets of organizations. One information security practice that could benefit from ChatGPT is the reconnaissance phase of penetration testing. This research uses a case study methodology to explore and investigate the uses of ChatGPT in obtaining valuable reconnaissance data. ChatGPT is able to provide many types of intel regarding targeted properties which includes Internet Protocol (IP) address ranges, domain names, network topology, vendor technologies, SSL/TLS ciphers, ports & services, and operating systems used by the target. The reconnaissance information can then be used during the planning phase of a penetration test to determine the tactics, tools, and techniques to guide the later phases of the penetration test in order to discover potential risks such as unpatched software components and security misconfiguration related issues. The study provides insights into how artificial intelligence language models can be used in cybersecurity and contributes to the advancement of penetration testing techniques. Keywords: ChatGPT, Penetration Testing, ReconnaissanceComment: 12 pages, 1 table, research articl

A Quality-based Security Enhancement Procedure to Improve E-Commerce security

E-commerce is an important product in the internet fever. However, the network intrusion and security vulnerabilities have continued to threaten the e-commerce operation and user privacy. How to improve security of e-commerce has become a topic worthy exploration. In this paper, based on security testing and repair, proposes a Software Security Enhancement Procedure (SSEP for short). In addition, for assuring SSEP operation quality, proposes a set of Software Security Enhancement Process Quality Measurement (SSEPQM for short) model. Applying SSEPQM model, the defects of security improvement process can be identified and revised. So the security of e-commerce can be enhanced effective and continuous

Module development in Metasploit for pentesting

Module development in Metasploit for pentestingVista sobre que es un test de penetracion con la herramienta Metasploit i el desarollo de algunos modulos en la aplicacionVista sobre que es un test de penetració amb l'eina Metasploit i el desenvolupament d'alguns modul

Quantitative penetration testing with item response theory (extended version)

Existing penetration testing approaches assess the vulnerability of a system by determining whether certain attack paths are possible in practice. Therefore, penetration testing has thus far been used as a qualitative research method. To enable quantitative approaches to security risk management, including decision support based on the cost-effectiveness of countermeasures, one needs quantitative measures of the feasibility of an attack. Also, when physical or social attack steps are involved, the binary view on whether a vulnerability is present or not is insucient, and one needs some viability metric. When penetration tests are performed anyway, it is very easy for the testers to keep track of, for example, the time they spend on each attack step. Therefore, this paper proposes the concept of quantitative penetration testing to determine the diculty rather than the possibility of attacks. We do this by step-wise updates of expected time and probability of success for all steps in an attack scenario. Also, the skill of the testers can be included to improve the accuracy of the metrics, based on the framework of Item Response Theory (Elo ratings). We show the feasibility of the approach by means of simulations, and discuss application possibilities

Teaching by Practice: Shaping Secure Coding Mentalities through Cybersecurity CTFs

The use of the Capture the Flag (CTF)-style competitions has grown popular in a variety of environments as a method to improve or reinforce cybersecurity techniques. However, while these competitions have shown promise in student engagement, enjoyment, and the teaching of essential workforce cybersecurity concepts, many of these CTF challenges have largely focused on cybersecurity as a general topic. Further, most in-school CTF challenges are designed with technical institutes in mind, prepping only experienced or upper-level students in cybersecurity studies for real-world challenges. Our paper aims to focus on the setting of a liberal arts institute, emphasizing secure coding as the focus of CTF-engaged learning for beginner to upper-level undergraduate students. We propose a survey system to evaluate the secure coding mentality of our students before and after taking these challenges, as well as an easily-hosted, low-resource CTF platform that students can access either in or outside of the classroom. We have found this system to be moderately effective at framing and improving the secure coding mentalities of our students

Information assurance techniques:perceived cost effectiveness

The assurance technique is a fundamental component of the assurance ecosystem; it is the mechanism by which we assess security to derive a measure of assurance. Despite this importance, the characteristics of these assurance techniques have not been comprehensively explored within academic research from the perspective of industry stakeholders. Here, a framework of 20 “assurance techniques” is defined along with their interdependencies. A survey was conducted which received 153 responses from industry stakeholders, in order to determine perceptions of the characteristics of these assurance techniques. These characteristics include the expertise required, number of people required, time required for completion, effectiveness and cost. The extent to which perceptions differ between those in practitioner and management roles is considered. The findings were then used to compute a measure of cost-effectiveness for each assurance technique. Survey respondents were also asked about their perceptions of complementary assurance techniques. These findings were used to establish 15 combinations, of which the combined effectiveness and cost-effectiveness was assessed

Towards Achieving Data Security with the Cloud Computing Adoption Framework

Offering real-time data security for petabytes of data is important for Cloud Computing. A recent survey on cloud security states that the security of users’ data has the highest priority as well as concern. We believe this can only be able to achieve with an approach that is systematic, adoptable and well-structured. Therefore, this paper has developed a framework known as Cloud Computing Adoption Framework (CCAF) which has been customized for securing cloud data. This paper explains the overview, rationale and components in the CCAF to protect data security. CCAF is illustrated by the system design based on the requirements and the implementation demonstrated by the CCAF multi-layered security. Since our Data Center has 10 petabytes of data, there is a huge task to provide real-time protection and quarantine. We use Business Process Modeling Notation (BPMN) to simulate how data is in use. The use of BPMN simulation allows us to evaluate the chosen security performances before actual implementation. Results show that the time to take control of security breach can take between 50 and 125 hours. This means that additional security is required to ensure all data is well-protected in the crucial 125 hours. This paper has also demonstrated that CCAF multi-layered security can protect data in real-time and it has three layers of security: 1) firewall and access control; 2) identity management and intrusion prevention and 3) convergent encryption. To validate CCAF, this paper has undertaken two sets of ethical-hacking experiments involved with penetration testing with 10,000 trojans and viruses. The CCAF multi-layered security can block 9,919 viruses and trojans which can be destroyed in seconds and the remaining ones can be quarantined or isolated. The experiments show although the percentage of blocking can decrease for continuous injection of viruses and trojans, 97.43% of them can be quarantined. Our CCAF multi-layered security has an average of 20% better p- rformance than the single-layered approach which could only block 7,438 viruses and trojans. CCAF can be more effective when combined with BPMN simulation to evaluate security process and penetrating testing results