Time-tagged pre-defined scenarios for penetration testing
Abstract
Methods and systems for carrying out campaigns of penetration testing for discovering and reporting security vulnerabilities of a networked system. Penetration testing campaigns are carried out based on pre-defined penetration testing scenarios associated with respective time tags. A penetration testing scenario is selected by a user from a set of pre-defined test scenarios, the set containing only pre-defined test scenarios with time tags matching a scheduled starting time of a penetration testing campaign.
18 Claims
1. A system for executing a penetration testing campaign of a networked system, wherein the penetration testing campaign is scheduled to start at a specific start time, the system comprising:
a. a first non-transitory computer-readable storage medium comprising a library of test scenarios, each test scenario associated with a respective time tag;
b. a computing device, comprising:
   i. one or more computer processors, and
   ii. a user interface module comprising a display device for (A) displaying multiple test scenarios from the library and (B) enabling user selection of one of the multiple test scenarios, such that test scenarios from the library whose respective time tags match the scheduled specific start time are displayed and are selectable by the user, and test scenarios from the library whose respective time tags do not match the scheduled specific start time are either not displayed or are displayed but are not selectable by the user; and
c. a second non-transitory computer-readable storage medium comprising program instructions that, when executed by the one or more computer processors of the computing device, cause the one or more computer processors to
   (i) execute the penetration testing campaign on the basis of the user-selected test scenario so as to test the networked system,
   (ii) detect a continuance of the executing of the penetration testing campaign until a Boolean condition represented by the time tag associated with the user-selected test scenario becomes not satisfied;
   (iii) in response to the detecting, automatically terminating the executing of the penetration testing campaign, and
   (iv) report at least one security vulnerability determined by the testing of the networked system,
wherein the time tag associated with the user-selected test scenario includes at least one of a time interval and a time point, and said time interval determines both a starting time and an ending time.
2. A method for executing a penetration testing campaign in a networked system, using an automated penetration testing system, wherein (i) the automated penetration testing system includes a library of multiple pre-defined test scenarios with respective time tags, and (ii) the penetration testing campaign is scheduled to start at a specific start time, the method comprising:
a. displaying, by a first display device, pre-defined test scenarios from the library whose respective time tags match the specific start time, wherein:
   (i) the displaying enables a selection of a pre-defined test scenario by a user of the automated penetration testing system, and
   (ii) pre-defined test scenarios from the library whose respective time tags do not match the specific start time are either not displayed by the first display device or are displayed by the first display device but are not selectable by the user;
b. in response to a selection by the user of a pre-defined test scenario using a user interface of the automated penetration testing system, executing the penetration testing campaign based on the user-selected pre-defined test scenario, so as to test the networked system; and
c. reporting at least one security vulnerability determined to exist in the networked system by the penetration testing campaign, the reporting comprising at least one of:
   (i) causing a second display device to display information about the at least one security vulnerability,
   (ii) recording information about the at least one security vulnerability in a file, and
   (iii) electronically transmitting information about the at least one security vulnerability,
wherein:
(i) the method further comprises:
   d. detecting a continuance of the executing of the penetration testing campaign until a Boolean condition represented by the time tag associated with the user-selected pre-defined test scenario becomes not satisfied; and
   e. in response to the detecting, automatically terminating the executing of the penetration testing campaign; and
(ii) the time tag associated with the user-selected pre-defined test scenario includes at least one of a time interval and a time point, and said time interval determines both a starting time and an ending time.
(Dependent claims: 3, 4, 5, 6, 7)
8. A method for penetration testing of a networked system by executing a penetration testing campaign by an automated penetration testing system that is controlled by a user interface of a computing device, the method comprising:
a. determining, by the penetration testing system, a time at which the penetration testing campaign is scheduled to start execution;
b. retrieving, by the penetration testing system, a first set of pre-defined penetration testing scenarios from a storage device, wherein each of the pre-defined penetration testing scenarios in the first set is associated with a corresponding time tag;
c. causing, by the penetration testing system, a first display device to display a second set of pre-defined penetration testing scenarios, the second set being a subset of the first set;
d. receiving, by the penetration testing system and via the user interface of the computing device, one or more manually-entered inputs, the one or more manually-entered inputs selecting one pre-defined penetration testing scenario included in the first set, wherein the selecting of the one pre-defined penetration testing scenario is limited to selecting only a pre-defined penetration testing scenario associated with a time tag which matches the time at which the penetration testing campaign is scheduled to start execution;
e. setting the penetration testing campaign to be based on the selected one pre-defined penetration testing scenario;
f. executing the penetration testing campaign by the penetration testing system so as to test the networked system; and
g. reporting, by the penetration testing system, at least one security vulnerability determined to exist in the networked system by the executing of the penetration testing campaign, wherein the reporting comprises at least one of
   (i) causing a second display device to display information about the at least one security vulnerability,
   (ii) recording information about the at least one security vulnerability in a file, and
   (iii) electronically transmitting information about the at least one security vulnerability
wherein:
(i) the method further comprises:
   h. detecting a continuance of the executing of the penetration testing campaign until a Boolean condition represented by the time tag associated with the selected one pre-defined penetration testing scenario becomes not satisfied; and
   i. in response to the detecting, automatically terminating the executing of the penetration testing campaign; and
(ii) the time tag associated with the selected one pre-defined penetration testing scenario includes at least one of a time interval and a time point, and said time interval determines both a starting time and an ending time.
(Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16, 17)
18. A penetration testing system for testing a networked system by executing a penetration testing campaign, comprising:
a. a computing device including one or more computer processors;
b. a non-transitory computer-readable storage medium storing program instructions for executing a penetration testing campaign, wherein the program instructions are for execution by the one or more computer processors and wherein the stored program instructions comprise:
   i. first program instructions for determining a time at which the penetration testing campaign is scheduled to start execution,
   ii. second program instructions for retrieving a first set of pre-defined penetration testing scenarios from a storage device, wherein each of the pre-defined penetration testing scenarios in the first set is associated with a corresponding time tag,
   iii. third program instructions for causing a first display device to display a second set of pre-defined penetration testing scenarios, the second set being a subset of the first set,
   iv. fourth program instructions for receiving, via a user interface of the computing device, one or more manually-entered inputs, the one or more manually-entered inputs selecting one pre-defined penetration testing scenario included in the first set, wherein the selecting of the one pre-defined penetration testing scenario is limited to selecting only a pre-defined penetration testing scenario associated with a time tag which matches the time at which the penetration testing campaign is scheduled to start execution,
   v. fifth program instructions for setting the penetration testing campaign to be based on the selected one pre-defined penetration testing scenario,
   vi. sixth program instructions for executing the penetration testing campaign so as to test the networked system,
   vii. seventh program instructions for reporting at least one security vulnerability determined to exist in the networked system by the executing of the penetration testing campaign, wherein the reporting comprises at least one of (i) causing a second display device to display information about the at least one security vulnerability, (ii) recording information about the at least one security vulnerability in a file, and (iii) electronically transmitting information about the at least one security vulnerability,
   viii. eighth program instructions for detecting a continuance of the executing of the penetration testing campaign until a Boolean condition represented by the time tag associated with the selected one pre-defined penetration testing scenario becomes not satisfied, and
   ix. ninth program instructions for, in response to the detecting, automatically terminating the executing of the penetration testing campaign,
wherein the time tag associated with the selected one pre-defined penetration testing scenario includes at least one of a time interval and a time point, and said time interval determines both a starting time and an ending time.
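The control flow the claims recite (offer only scenarios whose time tag matches the scheduled start, then terminate automatically once the tag's Boolean condition is no longer satisfied) can be sketched as follows. This is an added illustration, not code from the patent or its assignee. It assumes the tag is a single interval and that "matches" means the instant lies inside that interval; all class and function names and the sample data are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Scenario:
    name: str
    start: datetime  # time-tag interval: starting time (inclusive, assumed)
    end: datetime    # time-tag interval: ending time (exclusive, assumed)

    def tag_satisfied(self, t):
        # Assumed reading of the tag's Boolean condition: t lies in the interval.
        return self.start <= t < self.end

def selectable(library, scheduled_start):
    """Scenarios whose time tag matches the scheduled start; the rest stay hidden or disabled."""
    return [s for s in library if s.tag_satisfied(scheduled_start)]

def run_campaign(scenario, scheduled_start, steps, clock):
    """Run steps in order; stop as soon as the tag's condition is no longer satisfied."""
    # Re-check the selection here so the limit does not depend on the UI alone.
    if not scenario.tag_satisfied(scheduled_start):
        raise ValueError(f"{scenario.name}: time tag does not match scheduled start")
    findings = []
    for step in steps:
        if not scenario.tag_satisfied(clock()):
            return findings, "terminated"
        findings.extend(step())
    return findings, "completed"

def demo():
    # Constructed sample library and clock readings.
    night = Scenario("night-window", datetime(2024, 3, 2, 1), datetime(2024, 3, 2, 5))
    office = Scenario("business-hours", datetime(2024, 3, 4, 9), datetime(2024, 3, 4, 17))
    start = datetime(2024, 3, 2, 1, 30)
    offered = selectable([night, office], start)
    ticks = iter([datetime(2024, 3, 2, 2), datetime(2024, 3, 2, 4, 59), datetime(2024, 3, 2, 5)])
    steps = [lambda i=i: [f"finding-{i}"] for i in range(3)]  # placeholder test steps
    findings, status = run_campaign(offered[0], start, steps, lambda: next(ticks))
    return [s.name for s in offered], findings, status

if __name__ == "__main__":
    print(demo())
```

The clock is injected so the termination path can be exercised deterministically; the third placeholder step never runs because the clock has reached the interval's ending time.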
Specification