Litcius/Paper detail

A methodology for automated penetration testing of cloud applications

Valentina Casola, Alessandra De Benedictis, Massimiliano Rak, Umberto Villano

2020International Journal of Grid and Utility Computing20 citationsDOI

Abstract

Security assessment is a very time- and money-consuming activity. It needs specialised security skills and, furthermore, it is not fully integrated into the software development life-cycle. One of the best solutions for the security testing of an application relies on the use of penetration testing techniques. Unfortunately, penetration testing is a typically human-driven procedure that requires a deep knowledge of the possible attacks to carry out and of the hacking tools that can be used to launch the tests. In this paper, we present a methodology that enables the automation of penetration testing techniques based on both application-level models, used to represent the application architecture and its security properties in terms of applicable threats, vulnerabilities and weaknesses, and on system-level models, adopted to automatically generate and execute the penetration testing activities. The proposed methodology can be easily integrated into a continuous integration development process and aid software developers in evaluating security.

Topics & Concepts

Computer scienceSecurity testingCloud computingSoftware security assurancePenetration (warfare)HackerIntegration testingWhite-box testingSecurity controlsAutomationSoftware engineeringSoftwareComputer securitySoftware developmentCloud computing securitySecurity information and event managementOperating systemSoftware constructionArtificial intelligenceEngineeringMechanical engineeringOperations researchControl (management)Web Application Security VulnerabilitiesInformation and Cyber SecurityAdvanced Malware Detection Techniques
A methodology for automated penetration testing of cloud applications | Litcius