Related papers: Towards new challenges of modern Pentest

Towards new challenges of modern Pentest

URL: http://arxiv.org/abs/2311.12952v1
Date: Tue, 21 Nov 2023 19:32:23 GMT
Title: Towards new challenges of modern Pentest
Authors: Daniel Dalalana Bertoglio, Arthur Gil, Juan Acosta, Julia Godoy, Roben Castagna Lunardi, Avelino Francisco Zorzo,
Abstract summary: This study aims to present current methodologies, tools, and potential challenges applied to Pentest from an updated systematic literature review. Also, it presents new challenges such as automation of techniques, management of costs associated with offensive security, and the difficulty in hiring qualified professionals to perform Pentest.
Score: 0.0
License: http://creativecommons.org/licenses/by/4.0/
Abstract: With the increasing number of internet-based resources and applications, the amount of attacks faced by companies has increased significantly in the past years. Likewise, the techniques to test security and emulate attacks need to be constantly improved and, as a consequence, help to mitigate attacks. Among these techniques, penetration test (Pentest) provides methods to assess the security posture of assets, using different tools and methodologies applied in specific scenarios. Therefore, this study aims to present current methodologies, tools, and potential challenges applied to Pentest from an updated systematic literature review. As a result, this work provides a new perspective on the scenarios where penetration tests are performed. Also, it presents new challenges such as automation of techniques, management of costs associated with offensive security, and the difficulty in hiring qualified professionals to perform Pentest.

Related papers

Towards Automated Penetration Testing: Introducing LLM Benchmark, Analysis, and Improvements [1.4433703131122861]
Large language models (LLMs) have shown potential across various domains, including cybersecurity. There is currently no comprehensive, open, end-to-end automated penetration testing benchmark. This paper introduces a novel open benchmark for LLM-based automated penetration testing.
arXiv Detail & Related papers (2024-10-22T16:18:41Z)
Hacking, The Lazy Way: LLM Augmented Pentesting [0.0]
"LLM Augmented Pentesting" is demonstrated through a tool named "Pentest Copilot" Our research includes a "chain of thought" mechanism to streamline token usage and boost performance. We propose a novel file analysis approach, enabling LLMs to understand files.
arXiv Detail & Related papers (2024-09-14T17:40:35Z)
Insider Threats Mitigation: Role of Penetration Testing [0.0]
This study aims to improve the knowledge of penetration testing as a critical part of insider threat defense. We look at how penetration testing is used in different industries, present case studies with real-world implementations, and discuss the obstacles and constraints that businesses must overcome.
arXiv Detail & Related papers (2024-07-24T15:14:48Z)
Applying Security Testing Techniques to Automotive Engineering [4.2755847332268235]
Security regression testing ensures that changes made to a system do not harm its security. We present a systematic classification of available security regression testing approaches.
arXiv Detail & Related papers (2023-09-18T10:32:36Z)
Constrained Adversarial Learning and its applicability to Automated Software Testing: a systematic review [0.0]
This systematic review is focused on the current state-of-the-art of constrained data generation methods applied for adversarial learning and software testing. It aims to guide researchers and developers to enhance testing tools with adversarial learning methods and improve the resilience and robustness of their digital systems.
arXiv Detail & Related papers (2023-03-14T00:27:33Z)
Adversarial Attacks and Defenses in Machine Learning-Powered Networks: A Contemporary Survey [114.17568992164303]
Adrial attacks and defenses in machine learning and deep neural network have been gaining significant attention. This survey provides a comprehensive overview of the recent advancements in the field of adversarial attack and defense techniques. New avenues of attack are also explored, including search-based, decision-based, drop-based, and physical-world attacks.
arXiv Detail & Related papers (2023-03-11T04:19:31Z)
Towards Informed Design and Validation Assistance in Computer Games Using Imitation Learning [65.12226891589592]
This paper proposes a new approach to automated game validation and testing. Our method leverages a data-driven imitation learning technique, which requires little effort and time and no knowledge of machine learning or programming.
arXiv Detail & Related papers (2022-08-15T11:08:44Z)
Improving robustness of jet tagging algorithms with adversarial training [56.79800815519762]
We investigate the vulnerability of flavor tagging algorithms via application of adversarial attacks. We present an adversarial training strategy that mitigates the impact of such simulated attacks.
arXiv Detail & Related papers (2022-03-25T19:57:19Z)
Inspect, Understand, Overcome: A Survey of Practical Methods for AI Safety [54.478842696269304]
The use of deep neural networks (DNNs) in safety-critical applications is challenging due to numerous model-inherent shortcomings. In recent years, a zoo of state-of-the-art techniques aiming to address these safety concerns has emerged. Our paper addresses both machine learning experts and safety engineers.
arXiv Detail & Related papers (2021-04-29T09:54:54Z)
Greedy Policy Search: A Simple Baseline for Learnable Test-Time Augmentation [65.92151529708036]
We introduce greedy policy search (GPS) as a simple but high-performing method for learning a policy of test-time augmentation. We demonstrate that augmentation policies learned with GPS achieve superior predictive performance on image classification problems.
arXiv Detail & Related papers (2020-02-21T02:57:13Z)
Survey of Network Intrusion Detection Methods from the Perspective of the Knowledge Discovery in Databases Process [63.75363908696257]
We review the methods that have been applied to network data with the purpose of developing an intrusion detector. We discuss the techniques used for the capture, preparation and transformation of the data, as well as, the data mining and evaluation methods. As a result of this literature review, we investigate some open issues which will need to be considered for further research in the area of network security.
arXiv Detail & Related papers (2020-01-27T11:21:05Z)

This list is automatically generated from the titles and abstracts of the papers in this site.