research-article

Open access

Visual representation of penetration testing actions and skills in a technical tree model

Authors:

Ahmed Falah,

Lei Pan,

Mohamed AbdelrazekAuthors Info & Claims

ACSW '17: Proceedings of the Australasian Computer Science Week Multiconference

Article No.: 8, Pages 1 - 10

https://doi.org/10.1145/3014812.3014820

Published: 31 January 2017 Publication History

PDF eReader

Abstract

With the dire need for more competent cyber security professionals, two parties endeavor to close this gap, industry certificates that focus on hands-on experience, and higher education institutions that favor assessing knowledge memorization. It is challenging for the enthusiasts to acquire a solid and balanced profile of knowledge and hands-on experience in the professional context. We introduce a visual representation of penetration testing skills, actions and knowledge so that it closely relates theory and skills for cyber security topics which can serve as a guide for professional development. To illustrate our methodology, we selected 10 case studies from the hacking challenges of Cyber Security Challenge Australia 2014, conducted the experiments and aligned necessary skills and the actions to these complex scenarios. These detailed analysis and models are visually presented as a tree to encompass the landscape of penetration testing in practice which could be a valuable tool for enthusiasts and learners to plan their learning activities.

References

[1]

OWASP OWASP. City, 2016.

Google Scholar

[2]

Pan, L. and Batten, L. Reproducibility of digital evidence in forensic investigations. Digital Forensics Research Workshop, City, 2005.

Google Scholar

[3]

Bivens, A., Palagiri, C., Smith, R., Szymanski, B. and Embrechts, M. Network-based intrusion detection using neural networks. Intelligent Engineering Systems through Artificial Neural Networks, 12, 1 (2002), 579--584.

Google Scholar

[4]

Warkentin, M. and Willison, R. Behavioral and policy issues in information systems security: the insider threat. European Journal of Information Systems, 18, 2 (2009), 101.

Crossref

Google Scholar

[5]

Rogers, M. K. A two-dimensional circumplex approach to the development of a hacker taxonomy. Digital investigation, 3, 2 (2006), 97--102.

Digital Library

Google Scholar

[6]

Meyers, C., Powers, S. and Faissol, D. Taxonomies of cyber adversaries and attacks: a survey of incidents and approaches. Lawrence Livermore National Laboratory (April 2009), 7 (2009).

Google Scholar

[7]

Rowe, D. C., Lunt, B. M. and Ekstrom, J. J. The role of cyber-security in information technology education. ACM, City, 2011.

Digital Library

Google Scholar

[8]

EC-Council Certified Ethical Hacking Certification. City, 2016.

Google Scholar

[9]

OFFENSIVEsecurity Offensive Security Certified Professional. City, 2016.

Google Scholar

[10]

Conklin, A. Cyber defense competitions and information security education: An active learning solution for a capstone course. IEEE, City, 2006.

Digital Library

Google Scholar

[11]

CySCA Cyber Security Challenge Australia. City, 2016.

Google Scholar

[12]

Mahajan, A. Burp Suite Essentials. Packt Publishing Ltd, 2014.

Google Scholar

[13]

Kim, P. The hacker playbook: Practical guide to penetration testing. Secure Planet LLC, 2014.

Google Scholar

[14]

Bogolea, B. and Wijekumar, K. Information security curriculum creation: a case study. ACM, City, 2004.

Digital Library

Google Scholar

Cited By

View all

Bertoglio DGil AAcosta JGodoy JLunardi RZorzo A(2024)Towards New Challenges of Modern PentestIntelligent Sustainable Systems10.1007/978-981-99-7569-3_3(21-33)Online publication date: 16-Feb-2024
https://doi.org/10.1007/978-981-99-7569-3_3
Falah APan LChen F(2018)A Quantitative Approach to Design Special Purpose Systems to Measure Hacking Skills2018 IEEE International Conference on Teaching, Assessment, and Learning for Engineering (TALE)10.1109/TALE.2018.8615431(54-61)Online publication date: Dec-2018
https://doi.org/10.1109/TALE.2018.8615431

Index Terms

Visual representation of penetration testing actions and skills in a technical tree model
1. Security and privacy
  1. Formal methods and theory of security
    1. Security requirements

Recommendations

About Penetration Testing

Students generally learn red teaming, sometimes called penetration testing or ethical hacking, as "breaking into your own system to see how hard it is to do so." Contrary to this simplistic view, a penetration test requires a detailed analysis of the ...
Exploring Defense of SQL Injection Attack in Penetration Testing

SQLIA is adopted to attack websites with and without confidential information. Hackers utilized the compromised website as intermediate proxy to attack others for avoiding being committed of cyber-criminal and also enlarging the scale of Distributed ...
A Penetration Testing Method for E-Commerce Authentication System Security
ICMECG '09: Proceedings of the 2009 International Conference on Management of e-Commerce and e-Government

E-Commerce systems are suffering more and more security issues. Vulnerabilities of authentication systems are revealed when various attacks and malicious abuses are developed and deployed to violate security of system and information. To improve the ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ACSW '17: Proceedings of the Australasian Computer Science Week Multiconference

January 2017

615 pages

ISBN:9781450347686

DOI:10.1145/3014812

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 31 January 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ACSW 2017

ACSW 2017: Australasian Computer Science Week 2017

January 30 - February 3, 2017

Geelong, Australia

Acceptance Rates

ACSW '17 Paper Acceptance Rate 78 of 156 submissions, 50%;

Overall Acceptance Rate 204 of 424 submissions, 48%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
1,015
Total Downloads

Downloads (Last 12 months)92
Downloads (Last 6 weeks)7

Reflects downloads up to 19 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Bertoglio DGil AAcosta JGodoy JLunardi RZorzo A(2024)Towards New Challenges of Modern PentestIntelligent Sustainable Systems10.1007/978-981-99-7569-3_3(21-33)Online publication date: 16-Feb-2024
https://doi.org/10.1007/978-981-99-7569-3_3
Falah APan LChen F(2018)A Quantitative Approach to Design Special Purpose Systems to Measure Hacking Skills2018 IEEE International Conference on Teaching, Assessment, and Learning for Engineering (TALE)10.1109/TALE.2018.8615431(54-61)Online publication date: Dec-2018
https://doi.org/10.1109/TALE.2018.8615431

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

References

Cited By

Index Terms

Recommendations

About Penetration Testing

Exploring Defense of SQL Injection Attack in Penetration Testing

A Penetration Testing Method for E-Commerce Authentication System Security

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

PDF

eReader

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations