A Comprehensive Evaluation and Practice of System Penetration Testing

• URL: http://arxiv.org/abs/2510.26555v1
• Date: Thu, 30 Oct 2025 14:47:48 GMT
• Title: A Comprehensive Evaluation and Practice of System Penetration Testing
• Authors: Chunyi Zhang, Jin Zeng, Xiaoqi Li,
• Abstract summary: This paper explores how to enhance system security through systematic penetration testing processes and technical approaches.<n>It also examines existing penetration tools, analyzing their strengths, weaknesses, and applicable domains to guide penetration testers in tool selection.
• Score: 8.86506003059572
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: With the rapid advancement of information technology, the complexity of applications continues to increase, and the cybersecurity challenges we face are also escalating. This paper aims to investigate the methods and practices of system security penetration testing, exploring how to enhance system security through systematic penetration testing processes and technical approaches. It also examines existing penetration tools, analyzing their strengths, weaknesses, and applicable domains to guide penetration testers in tool selection. Furthermore, based on the penetration testing process outlined in this paper, appropriate tools are selected to replicate attack processes using target ranges and target machines. Finally, through practical case analysis, lessons learned from successful attacks are summarized to inform future research.

Related papers

• Penetration Testing for System Security: Methods and Practical Approaches [4.127929080147854]
  This study aims not only to clarify the theoretical foundations of penetration testing but also to explain and demonstrate the complete testing process.<n>The paper outlines the five basic stages of a typical penetration test: intelligence gathering, vulnerability scanning, vulnerability exploitation, privilege escalation, and post-exploitation activities.
  arXiv  Detail & Related papers  (2025-05-25T14:46:00Z)
• AISafetyLab: A Comprehensive Framework for AI Safety Evaluation and Improvement [73.0700818105842]
  We introduce AISafetyLab, a unified framework and toolkit that integrates representative attack, defense, and evaluation methodologies for AI safety.<n> AISafetyLab features an intuitive interface that enables developers to seamlessly apply various techniques.<n>We conduct empirical studies on Vicuna, analyzing different attack and defense strategies to provide valuable insights into their comparative effectiveness.
  arXiv  Detail & Related papers  (2025-02-24T02:11:52Z)
• Insider Threats Mitigation: Role of Penetration Testing [0.0]
  This study aims to improve the knowledge of penetration testing as a critical part of insider threat defense. We look at how penetration testing is used in different industries, present case studies with real-world implementations, and discuss the obstacles and constraints that businesses must overcome.
  arXiv  Detail & Related papers  (2024-07-24T15:14:48Z)
• Towards new challenges of modern Pentest [0.0]
  This study aims to present current methodologies, tools, and potential challenges applied to Pentest from an updated systematic literature review. Also, it presents new challenges such as automation of techniques, management of costs associated with offensive security, and the difficulty in hiring qualified professionals to perform Pentest.
  arXiv  Detail & Related papers  (2023-11-21T19:32:23Z)
• Applying Security Testing Techniques to Automotive Engineering [4.2755847332268235]
  Security regression testing ensures that changes made to a system do not harm its security. We present a systematic classification of available security regression testing approaches.
  arXiv  Detail & Related papers  (2023-09-18T10:32:36Z)
• Leveraging Traceability to Integrate Safety Analysis Artifacts into the Software Development Process [51.42800587382228]
  Safety assurance cases (SACs) can be challenging to maintain during system evolution. We propose a solution that leverages software traceability to connect relevant system artifacts to safety analysis models. We elicit design rationales for system changes to help safety stakeholders analyze the impact of system changes on safety.
  arXiv  Detail & Related papers  (2023-07-14T16:03:27Z)
• Constrained Adversarial Learning for Automated Software Testing: a literature review [0.0]
  This literature review is focused on the current state-of-the-art of constrained data generation approaches applied for adversarial learning and software testing.<n>The advantages and limitations of those specific for white-box, grey-box, and black-box testing were analyzed.
  arXiv  Detail & Related papers  (2023-03-14T00:27:33Z)
• Towards Automated Classification of Attackers' TTPs by combining NLP with ML Techniques [77.34726150561087]
  We evaluate and compare different Natural Language Processing (NLP) and machine learning techniques used for security information extraction in research. Based on our investigations we propose a data processing pipeline that automatically classifies unstructured text according to attackers' tactics and techniques.
  arXiv  Detail & Related papers  (2022-07-18T09:59:21Z)
• Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
  Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance. We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems. We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
  arXiv  Detail & Related papers  (2020-10-19T13:09:31Z)
• Evaluating the Safety of Deep Reinforcement Learning Models using Semi-Formal Verification [81.32981236437395]
  We present a semi-formal verification approach for decision-making tasks based on interval analysis. Our method obtains comparable results over standard benchmarks with respect to formal verifiers. Our approach allows to efficiently evaluate safety properties for decision-making models in practical applications.
  arXiv  Detail & Related papers  (2020-10-19T11:18:06Z)
• Survey of Network Intrusion Detection Methods from the Perspective of the Knowledge Discovery in Databases Process [63.75363908696257]
  We review the methods that have been applied to network data with the purpose of developing an intrusion detector. We discuss the techniques used for the capture, preparation and transformation of the data, as well as, the data mining and evaluation methods. As a result of this literature review, we investigate some open issues which will need to be considered for further research in the area of network security.
  arXiv  Detail & Related papers  (2020-01-27T11:21:05Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.