INTEGRATION OF INTELLIGENCE TECHNIQUES ON THE EXECUTION OF PENETRATION TESTS (iPENTEST)
Penetration Tests (Pentests) identify potential vulnerabilities in the security of computer systems via security assessment. However, they should also benefit from widely recognized methodologies and recommendations within this field, such as the Penetration Testing Execution Standard (PTES). The objective of this research is to explore PTES, particularly the three initial phases: 1. Pre-Engagement Interactions; 2. Intelligence Gathering; 3. Threat Modeling; and ultimately to apply Intelligence techniques to the Threat Modeling phase. To achieve this, we will use open-source and/or commercial tools to structure a process that clarifies how the results were reached, using the inductive research methodology. The following steps were implemented: i) critical review of the “Penetration Testing Execution Standard (PTES)”; ii) critical review of the Intelligence Production Process; iii) specification and classification of contexts in which Intelligence could be applied; iv) definition of a methodology to apply Intelligence Techniques to the specified contexts; v) application and evaluation of the proposed methodology on a real case study as proof of concept. This research has the ambition to develop a model grounded on Intelligence techniques to be applied to the PTES Threat Modeling phase.
Generator for Z Conceptual Model Using JFlex and BYACC/J Specification
The Z notation is one of the leading formal specification languages based on standard mathematical notation, used for describing and modeling computer systems. The system, which is called ZC06, consists of several phases, namely lexical analysis, syntax analysis, semantic analysis, and conceptual-model generation. ZC06 accepts a Z specification and produces a conceptual model whose format is based on a format proposed by researchers around the 1990s. The lexical analyzer is developed using JFlex, whilst the three other phases are developed using BYACC/J. ZC06 is implemented by interfacing JFlex with BYACC/J. ZC06 has been tested using two specifications. The first is a specification of a security room (SBK), which has been used by a previous researcher. The output is evaluated by comparing ZC06's output with the one developed by that researcher. The second is a specification of a system that records people's birthdays (SHJ). This specification has not been used as an input in previous research. Therefore, the output is evaluated by manually redeveloping its specification based on its conceptual model. The result shows that ZC06 produces a conceptual model that is the same as the previous one. Moreover, SHJ has been redeveloped successfull
A Static Verification Framework for Secure Peer-to-Peer Applications
In this paper we present a static verification framework to support the design and verification of secure peer-to-peer applications. The framework supports the specification, modeling, and analysis of security aspects together with the general characteristics of the system, during early stages of the development life-cycle. The approach avoids treating security issues as a separate layer that is added to the system as an afterthought through the use of security protocols. The main functions supported by the framework are: modeling of the system together with its security aspects by using an extension of UML; modeling of abuse cases to represent scenarios of attackers and assist with the identification of properties to be verified; specification of properties to be verified in a graphical template language; verification of the models against the properties; and visualization of the results of the verification process.