Extending HARM to make Test Cases for Penetration Testing
Author: | Aparna Vegendla, Thea Marie Søgaard, Guttorm Sindre |
---|---|
Year of publication: | 2016 |
Subject: | business.industry; Computer science; Principal (computer security); 020207 software engineering; Context (language use); 02 engineering and technology; Computer security; computer.software_genre; Test case; Software; Harm; 020204 information systems; Penetration (warfare); 0202 electrical engineering, electronic engineering, information engineering; Key (cryptography); Software engineering; business; computer; Hacker |
Source: | Lecture Notes in Business Information Processing ISBN: 9783319395630 CAiSE Workshops |
DOI: | 10.1007/978-3-319-39564-7_24 |
Description: | [Context and motivation] Penetration testing is one key technique for discovering vulnerabilities, so that software can be made more secure. [Question/problem] Alignment between modeling techniques used earlier in a project and the development of penetration tests could enable a more systematic approach to such testing, and in some cases also enable creativity. [Principal ideas/results] This paper proposes an extension of HARM (Hacker Attack Representation Method) to achieve a systematic approach to penetration test development. [Contributions] The paper gives an outline of the approach, illustrated by an e-exam case study. |
Database: | OpenAIRE |