Network security testing
First Claim
1. A network security testing apparatus comprising:
- a first tester that is adapted to communicably couple to a system under test;
wherein said first tester is adapted to perform a plurality of tests on the system under test;
wherein the plurality of tests includes a first test and a second test, each of which is adapted to return system environment information regarding the system under test;
wherein the first test is executed before the second test; and
wherein the first test differs from the second test in that the second test is more specific to the system under test based on information gained from the first test.
4 Assignments
0 Petitions
Accused Products
Abstract
To answer the security needs of the market, a preferred embodiment was developed. A preferred embodiment provides real-time network security vulnerability assessment tests, possibly complete with recommended security solutions. External vulnerability assessment tests can emulate hacker methodology in a safe way and enable study of a network for security openings, thereby gaining a true view of risk level without affecting customer operations. Because this assessment can be performed over the Internet, both domestic and worldwide corporations benefit. A preferred embodiment'"'"'s physical subsystems combine to form a scalable holistic system that can be able to conduct tests for thousands of customers any place in the world. The security skills of experts can be embedded into a preferred embodiment systems and automated the test process to enable the security vulnerability test to be conducted on a continuous basis for multiple customers at the same time. A preferred embodiment can reduce the work time required for security practices of companies from three weeks to less than a day, as well as significantly increase their capacity. Component subsystems typically include a Database, Command Engine, Gateway, multiple Testers, Report Generator, and an RMCT.
-
Citations
102 Claims
-
1. A network security testing apparatus comprising:
-
a first tester that is adapted to communicably couple to a system under test;
wherein said first tester is adapted to perform a plurality of tests on the system under test;
wherein the plurality of tests includes a first test and a second test, each of which is adapted to return system environment information regarding the system under test;
wherein the first test is executed before the second test; and
wherein the first test differs from the second test in that the second test is more specific to the system under test based on information gained from the first test. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 47, 50, 54, 57, 60, 66, 69, 72)
-
-
13. A network security testing method comprising:
-
executing a first test by a first tester, wherein the first test is targeted at a system under test, and wherein the first tester is communicably coupled to the system under test;
receiving first information from the first test about the system under test, after executing the first test;
executing a second test after said receiving first information, wherein the second test is more specific to the system under test based on the first information;
receiving second information from the second test about the system under test, after executing the second test; and
wherein the second information is more specific to the system under test based on the first information.
-
-
25. A computer program product for network security testing stored in a computer-readable medium, comprising:
-
instructions for executing a first test by a first tester, wherein the first test is targeted at a system under test, and wherein the first tester is communicably coupled to the system under test;
instructions for receiving first information from the first test about the system under test, after executing the first test;
instructions for executing a second test after receiving first information, wherein the second test is more specific to the system under test based on the first information;
instructions for receiving second information from the second test about the system under test, after executing the second test; and
wherein the second information is more specific to the system under test based on the first information.
-
-
37. A network security testing apparatus comprising:
-
a customer profile;
a plurality of test tools;
a first tester that is adapted to communicably couple to a system under test;
wherein a selected test tool is selected from said plurality of test tools based at least partially upon said customer profile; and
wherein said first tester is adapted to execute the selected test tool so as to test the system under test.
-
-
44. A network security testing method comprising:
-
selecting a selected test tool from a plurality of test tools based at least partially upon a customer profile; and
executing the selected test tool by a first tester so as to test a system under test, wherein the first tester is communicably coupled to the system under test. - View Dependent Claims (45, 46, 48, 49)
-
-
51. A computer program product for network security testing stored in a computer-readable medium, comprising:
-
instructions for selecting a selected test tool from a plurality of test tools based at least partially upon a customer profile; and
instructions for executing the selected test tool by a first tester so as to test a system under test, wherein the first tester is communicably coupled to the system under test. - View Dependent Claims (52, 53, 55, 56, 59, 61, 62, 63)
-
-
58. A network security testing apparatus comprising:
-
a plurality of testers;
a customer profile;
wherein each of said plurality of testers is adapted to communicably couple to a system under test; and
wherein a test of the system under test is performed by a selected tester of said plurality of testers, the selected tester being selected from said plurality of testers based at least partially upon said customer profile.
-
-
64. A network security testing method comprising:
-
selecting a selected tester from a plurality of testers based at least partially upon a customer profile; and
executing a test by the selected tester, wherein the test is targeted at a system under test, and wherein the selected tester is communicably coupled to the system under test. - View Dependent Claims (65, 67, 68)
-
-
70. A computer program product for network security testing stored in a computer-readable medium, comprising:
-
instructions for selecting a selected tester from a plurality of testers based at least partially upon a customer profile; and
instructions for executing a test by the selected tester, wherein the test is targeted at a system under test, and wherein the selected tester is communicably coupled to the system under test. - View Dependent Claims (71, 73, 74, 75)
-
-
76. A network security testing apparatus comprising:
-
a first tester that is adapted to communicably couple to a system under test, wherein said first tester is adapted to perform a test on the system under test;
wherein said first tester is adapted to make a first attempt to communicably couple to the system under test before the test;
wherein said first tester is adapted to make a second attempt to communicably couple to the system under test after the test; and
wherein the combination of success of the first attempt and failure of the second attempt are interpreted as detection of the test by the system under test. - View Dependent Claims (77, 78, 79)
-
-
80. A network security testing method comprising:
-
attempting a first communicable coupling by a first tester to a system under test;
executing a test by the first tester, wherein the test is targeted at the system under test;
attempting a second communicable coupling by the first tester to the system under test; and
interpreting the combination success of the first communicable coupling and failure of the second communicable coupling as detection of the test by the system under test. - View Dependent Claims (81, 82, 83)
-
-
84. A computer program product for network security testing stored in a computer-readable medium, comprising:
-
instructions for attempting a first communicable coupling by a first tester to a system under test;
instructions for executing a test by the first tester, wherein the test is targeted at the system under test;
instructions for attempting a second communicable coupling by the first tester to the system under test; and
instructions for interpreting the combination of success of the first communicable coupling and failure of the second communicable coupling as detection of the test by the system under test. - View Dependent Claims (85, 86, 87)
-
-
88. A network security testing apparatus comprising:
-
a tester;
a test tool;
an application programming interface (API);
wherein said API is adapted to interface between said tester and said test tool, such that said test tool may be executed by said tester even if the outputs of said tester do not directly correspond to the inputs of said test tool, and such that said test tool may be executed by said tester even if the inputs of said tester do not directly correspond to the outputs of said test tool;
wherein said tester is adapted to be communicably coupled to a system under test; and
wherein said tester is adapted to test the system under test by execution of said test tool;
-
-
89. A network security testing method comprising:
-
adapting an application programming interface (API) to interface between a tester and a test tool, such that the test tool may be executed by the tester even if the outputs of the tester do not directly correspond to the inputs of the test tool, and such that the test tool may be executed by the tester even if the inputs of the tester do not directly correspond to the outputs of the test tool;
executing the test tool by the tester;
wherein the test tool is targeted at a system under test; and
wherein the tester is communicably coupled to the system under test;
-
-
90. A computer program product for network security testing stored in a computer-readable medium, comprising:
-
instructions for adapting an application programming interface (API) to interface between a tester and a test tool, such that the test tool may be executed by the tester even if the outputs of the tester do not directly correspond to the inputs of the test tool, and such that the test tool may be executed by the tester even if the inputs of the tester do not directly correspond to the outputs of the test tool;
instructions for executing the test tool by the tester;
wherein the test tool is targeted at a system under test; and
wherein the tester is communicably coupled to the system under test;
-
-
91. A network security testing apparatus comprising:
-
a tester that is communicably coupled to a system under test, wherein said tester is adapted to test the system under test;
wherein said tester is adapted to execute a first test tool to test the system under test;
wherein said tester is adapted to execute a second test tool to test the system under test; and
wherein a time period of selected length is interposed between the execution of the first test tool and the execution of the second test tool during which said tester does not test the system under test. - View Dependent Claims (92)
-
-
93. A network security testing method comprising:
-
executing a first test tool by a tester, wherein the first test tool is targeted at a system under test, and wherein the tester is communicably coupled to the system under test;
executing a second test tool by the tester, wherein the second test tool is targeted at the system under test; and
selecting a time period of selected length to follow said executing the first test tool and precede said executing the second test tool. - View Dependent Claims (94)
-
-
95. A computer program product for network security testing stored in a computer-readable medium, comprising:
-
instructions for executing a first test tool by a tester, wherein the first test tool is targeted at a system under test, and wherein the tester is communicably coupled to the system under test;
instructions for executing a second test tool by the tester, wherein the second test tool is targeted at the system under test; and
instructions for selecting a time period of selected length to follow execution of the first test tool and precede the execution of the second test tool. - View Dependent Claims (96)
-
-
97. A network security testing apparatus comprising:
-
a plurality of testers;
a plurality of test tools;
wherein each of said plurality of testers is adapted to communicably couple to a system under test; and
wherein a random one of said plurality of test tools is executed by a random one of said plurality of testers, the random one of said plurality of test tools being executed so as to target the system under test, whereby the system under test is tested. - View Dependent Claims (98)
-
-
99. A network security testing method comprising:
-
randomly selecting a one of a plurality of test tools;
randomly selecting a one of a plurality of testers;
executing the one of the plurality of test tools by the one of the plurality of testers;
wherein the one of the plurality of test tools is targeted at a system under test, and wherein the one of the plurality of testers is communicably coupled to the system under test;
- View Dependent Claims (100)
-
-
101. A computer program product for network security testing stored in a computer-readable medium, comprising:
-
instructions for randomly selecting a one of a plurality of test tools;
instructions for randomly selecting a one of a plurality of testers;
instructions for executing the one of the plurality of test tools by the one of the plurality of testers;
wherein the one of the plurality of test tools is targeted at a system under test, and wherein the one of the plurality of testers is communicably coupled to the system under test;
- View Dependent Claims (102)
-
Specification