Selectively choosing between actual-attack and simulation/evaluation for validating a vulnerability of a network node during execution of a penetration testing campaign
First Claim
1. A method for penetration testing of a networked system by a penetration testing system using both active and passive validation methods wherein the penetration testing system is controlled by a user interface of a computing device, the method for penetration testing comprising:
- a. receiving, by the penetration testing system and via the user interface of the computing device, one or more manually-entered inputs;
b. determining a first target network node of the networked system to be the next network node to attempt to compromise;
c. determining a first vulnerability of network nodes to be used for compromising the first target network node;
d. determining a first damage to the first target network node that can be caused by validating the first vulnerability for the first target network node by using active validation;
e. selecting a first validation method for validating the first vulnerability for the first target network node, a type of the first validation method being;
A. selected from the type group consisting of active validation and passive validation; and
B. associated with the first damage;
f. validating the first vulnerability for the first target network node using the first validation method;
g. determining a second target network node of the networked system to be the next network node to attempt to compromise;
h. determining a second vulnerability of network nodes to be used for compromising the second target network node;
i. determining a second damage to the second target network node that can be caused by validating the second vulnerability for the second target network node by using active validation;
j. selecting a second validation method for validating the second vulnerability for the second target network node, a type of the second validation method being;
A. selected from the type group consisting of active validation and passive validation;
B. associated with the second damage; and
C. different from the type of the first validation method;
k. validating the second vulnerability for the second target network node using the second validation method; and
l. reporting at least one security vulnerability of the networked system determined to exist based on results of performing steps b-k, wherein the reporting comprises performing at least one operation selected from the group consisting of;
(A) causing a display device to display a report containing information about the at least one security vulnerability of the networked system, (B) storing the report containing information about the at least one security vulnerability of the networked system in a file and (C) electronically transmitting the report containing information about the at least one security vulnerability of the networked system,wherein all of steps b-l are performed by the penetration testing system, and wherein the one or more manually-entered inputs received via the user interface explicitly define at least one item selected from the group consisting of (i) a type of a validation method associated with the first damage, and (ii) a type of a validation method associated with the second damage.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods and systems for penetration testing of a networked system by a penetration testing system. In some embodiments, both active and passive validation methods are used during a single penetration testing campaign in a single networked system. In other embodiments, a first penetration testing campaign uses only active validation and a second penetration campaign uses only passive validation, where both campaigns are performed by a single penetration testing system in a single networked system. Node-by-node determination of whether to use active or passive validation can be based on expected extent and/or likelihood of damage from actually compromising a network node using active validation.
-
Citations
5 Claims
-
1. A method for penetration testing of a networked system by a penetration testing system using both active and passive validation methods wherein the penetration testing system is controlled by a user interface of a computing device, the method for penetration testing comprising:
-
a. receiving, by the penetration testing system and via the user interface of the computing device, one or more manually-entered inputs; b. determining a first target network node of the networked system to be the next network node to attempt to compromise; c. determining a first vulnerability of network nodes to be used for compromising the first target network node; d. determining a first damage to the first target network node that can be caused by validating the first vulnerability for the first target network node by using active validation; e. selecting a first validation method for validating the first vulnerability for the first target network node, a type of the first validation method being; A. selected from the type group consisting of active validation and passive validation; and B. associated with the first damage; f. validating the first vulnerability for the first target network node using the first validation method; g. determining a second target network node of the networked system to be the next network node to attempt to compromise; h. determining a second vulnerability of network nodes to be used for compromising the second target network node; i. determining a second damage to the second target network node that can be caused by validating the second vulnerability for the second target network node by using active validation; j. selecting a second validation method for validating the second vulnerability for the second target network node, a type of the second validation method being; A. selected from the type group consisting of active validation and passive validation; B. associated with the second damage; and C. different from the type of the first validation method; k. validating the second vulnerability for the second target network node using the second validation method; and l. reporting at least one security vulnerability of the networked system determined to exist based on results of performing steps b-k, wherein the reporting comprises performing at least one operation selected from the group consisting of;
(A) causing a display device to display a report containing information about the at least one security vulnerability of the networked system, (B) storing the report containing information about the at least one security vulnerability of the networked system in a file and (C) electronically transmitting the report containing information about the at least one security vulnerability of the networked system,wherein all of steps b-l are performed by the penetration testing system, and wherein the one or more manually-entered inputs received via the user interface explicitly define at least one item selected from the group consisting of (i) a type of a validation method associated with the first damage, and (ii) a type of a validation method associated with the second damage. - View Dependent Claims (2, 3, 4)
-
-
5. A penetration testing system for executing penetration testing of a networked system using both active and passive validation methods, wherein the penetration testing system is controlled by a user interface, the penetration testing system comprising:
-
a. a remote computing device comprising a computer memory and one or more processors, the remote computing device in networked communication with multiple network nodes of the networked system; b. a non-transitory computer-readable storage medium containing program instructions, wherein execution of the program instructions by the one or more processors of the remote computing device performs all of the following; i. determine a first target network node of the networked system to be the next network node to attempt to compromise; ii. determine a first vulnerability of network nodes to be used for compromising the first target network node; iii. determine a first damage to the first target network node that can be caused by validating the first vulnerability for the first target network node by using active validation; iv. select a first validation method for validating the first vulnerability for the first target network node, a type of the first validation method being; A. selected from the type group consisting of active validation and passive validation; and B. associated with the first damage; v. cause a validation of the first vulnerability for the first target network node using the first validation method; vi. determine a second target network node of the networked system to be the next network node to attempt to compromise; vii. determine a second vulnerability of network nodes to be used for compromising the second target network node; viii. determine a second damage to the second target network node that can be caused by validating the second vulnerability for the second target network node by using active validation; ix. select a second validation method for validating the second vulnerability for the second target network node, a type of the second validation method being; A. selected from the type group consisting of active validation and passive validation; B. associated with the second damage; and C. different from the type of the first validation method; x. cause a validation of the second vulnerability for the second target network node using the second validation method; and xi. report at least one security vulnerability of the networked system determined to exist based on results of performing operations b(i)-b(x), wherein the reporting comprises performing at least one operation selected from the group consisting of;
(A) causing a display device to display a report containing information about the at least one security vulnerability of the networked system, (B) storing the report containing information about the at least one security vulnerability of the networked system in a file and (C) electronically transmitting the report containing information about the at least one security vulnerability of the networked system,wherein the penetration testing system is configured to receive, via the user interface, one or more manually-entered inputs that explicitly define at least one item selected from the group consisting of (i) a type of a validation method associated with the first damage, and (ii) a type of a validation method associated with the second damage.
-
Specification