SETTING-UP PENETRATION TESTING CAMPAIGNS
First Claim
1. A method of penetration testing of a networked system by a penetration testing system that is controlled by a user interface of a computing device so that a penetration testing campaign is executed according to a manual and explicit selecting of one or more network nodes of the networked system, the method comprising:
- receiving, by the penetration testing system and via the user interface of the computing device, one or more manually-entered inputs, the one or more manually-entered inputs explicitly selecting the one or more network nodes of the networked system, wherein at least one of the manually and explicitly selected nodes is other than the computing device;
in accordance with the manual and explicit selecting of the network nodes, executing the penetration testing campaign by the penetration testing system so as to test the networked system, the penetration testing campaign being executed under the assumption that the manually and explicitly selected one or more network nodes of the networked system are already compromised at the time of beginning the penetration testing campaign; and
reporting, by the penetration testing system, at least one security vulnerability determined to exist in the networked system by the executing of the penetration testing campaign, wherein the reporting comprises at least one of (i) causing a display device to display a report describing the at least one security vulnerability, and (ii) electronically transmitting a report describing the at least one security vulnerability.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods and systems for penetration testing of a networked system by a penetration testing system (e.g. that is controlled by a user interface of a computing device) are disclosed herein. In one example, a penetration testing campaign is executed according to a manual and explicit selecting of one or more network nodes of the networked system. Alternatively or additionally, a penetration testing campaign is executed according to a manually and explicitly selected node-selection condition. Alternatively or additionally, a penetration testing campaign is executed according to an automatic selecting of one or more network nodes of the networked system.
23 Citations
20 Claims
-
1. A method of penetration testing of a networked system by a penetration testing system that is controlled by a user interface of a computing device so that a penetration testing campaign is executed according to a manual and explicit selecting of one or more network nodes of the networked system, the method comprising:
-
receiving, by the penetration testing system and via the user interface of the computing device, one or more manually-entered inputs, the one or more manually-entered inputs explicitly selecting the one or more network nodes of the networked system, wherein at least one of the manually and explicitly selected nodes is other than the computing device; in accordance with the manual and explicit selecting of the network nodes, executing the penetration testing campaign by the penetration testing system so as to test the networked system, the penetration testing campaign being executed under the assumption that the manually and explicitly selected one or more network nodes of the networked system are already compromised at the time of beginning the penetration testing campaign; and reporting, by the penetration testing system, at least one security vulnerability determined to exist in the networked system by the executing of the penetration testing campaign, wherein the reporting comprises at least one of (i) causing a display device to display a report describing the at least one security vulnerability, and (ii) electronically transmitting a report describing the at least one security vulnerability. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A system for penetration testing of a networked system, the system comprising:
-
a. a network-nodes-selection user interface including one or more user interface components for manual and explicit selection of one or more network nodes, where the network-nodes-selection user interface resides in a computing device and at least one of the manually and explicitly selected one or more network nodes is other than the computing device; b. a penetration-testing-campaign module programmed to perform a penetration testing campaign under the assumption that the manually and explicitly selected one or more network nodes of the networked system are already compromised at the time of beginning the penetration testing campaign; and c. a reporting module for reporting at least one security vulnerability determined to exist in the networked system according to results of the penetration testing campaign that is performed by the penetration-testing-campaign module, wherein the reporting module is configured to report the at least one security vulnerability by performing at least one of (i) causing a display device to display a report describing the at least one security vulnerability, and (ii) electronically transmitting a report describing the at least one security vulnerability. - View Dependent Claims (7)
-
-
8. A method of penetration testing of a networked system by a penetration testing system that is controlled by a user interface of a computing device so that a penetration testing campaign is executed according to a manually and explicitly provided node-selection condition, the method comprising:
-
receiving, by the penetration testing system and via the user interface of the computing device, one or more manually-entered inputs, the one or more manually-entered inputs explicitly selecting a Boolean node-selection condition, the manually and explicitly selected node-selection condition defining a proper subset of network nodes of the networked system such that any network node of the networked system is a member of the subset of network nodes if and only if it satisfies the condition; in accordance with the manual and explicit selecting of the node-selection condition, executing the penetration testing campaign by the penetration testing system so as to test the networked system, the penetration testing campaign being executed under the assumption that every node of the subset of network nodes is already compromised at the time of beginning the penetration testing campaign; and reporting, by the penetration testing system, at least one security vulnerability determined to exist in the networked system by the executing of the penetration testing campaign, wherein the reporting comprises at least one of (i) causing a display device to display a report describing the at least one security vulnerability, and (ii) electronically transmitting a report describing the at least one security vulnerability. - View Dependent Claims (9, 10, 11, 12)
-
-
13. A method of penetration testing of a networked system by a penetration testing system that is controlled by a user interface of a computing device so that a penetration testing campaign is executed according to an automatic selecting of one or more network nodes of the networked system, the method comprising:
-
determining, by the penetration testing system, at least one of (i) a type of an attacker of the penetration testing campaign, and (ii) whether one or more network nodes of the networked system satisfy a pre-defined Boolean condition; based on a result of the determining, automatically selecting, by the penetration testing system, the one or more network nodes of the networked system, wherein at least one of the automatically selected network nodes is other than the computing device; in accordance with the automatically selecting of the network nodes, executing the penetration testing campaign by the penetration testing system so as to test the networked system, the penetration testing campaign being executed under the assumption that the automatically selected one or more network nodes of the networked system are already compromised at the time of beginning the penetration testing campaign; and reporting, by the penetration testing system, at least one security vulnerability determined to exist in the networked system by the executing of the penetration testing campaign, wherein the reporting comprises at least one of (i) causing a display device to display a report describing the at least one security vulnerability, and (ii) electronically transmitting a report describing the at least one security vulnerability. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
-
Specification