Network security testing
First Claim
1. A network security testing apparatus comprising:
- at least one first tester for generating a security vulnerability attack simulation comprised of a plurality of waves of tests for iteratively testing for network security vulnerabilities of a network system under test, the at least one first tester is adapted to communicably couple to the network system under test, said at least one first tester adapted to iteratively perform a plurality of waves of tests on the system under test to obtain network security vulnerability information;
wherein each test in the plurality of waves of tests are adapted to return the network security vulnerability information regarding the network system under test, the network security vulnerability information provided by each test in the plurality of waves of tests being more specific to the network system under test than the network security vulnerability information provided by a previous test;
wherein each test in the plurality of waves of tests are specifically modified in real-time to adapt to discovered security obstacles of the network system under test detected based on the network security vulnerability information gained from the previous test and to obtain additional network security vulnerability information from the network system under test.
4 Assignments
0 Petitions
Accused Products
Abstract
To answer the security needs of the market, a preferred embodiment was developed. A preferred embodiment provides real-time network security vulnerability assessment tests, possibly complete with recommended security solutions. External vulnerability assessment tests can emulate hacker methodology in a safe way and enable study of a network for security openings, thereby gaining a true view of risk level without affecting customer operations. Because this assessment can be performed over the Internet, both domestic and worldwide corporations benefit. A preferred embodiment'"'"'s physical subsystems combine to form a scalable holistic system that can be able to conduct tests for thousands of customers any place in the world. The security skills of experts can be embedded into a preferred embodiment systems and automated the test process to enable the security vulnerability test to be conducted on a continuous basis for multiple customers at the same time. A preferred embodiment can reduce the work time required for security practices of companies from three weeks to less than a day, as well as significantly increase their capacity. Component subsystems typically include a Database, Command Engine, Gateway, multiple Testers, Report Generator, and an RMCT.
-
Citations
34 Claims
-
1. A network security testing apparatus comprising:
-
at least one first tester for generating a security vulnerability attack simulation comprised of a plurality of waves of tests for iteratively testing for network security vulnerabilities of a network system under test, the at least one first tester is adapted to communicably couple to the network system under test, said at least one first tester adapted to iteratively perform a plurality of waves of tests on the system under test to obtain network security vulnerability information; wherein each test in the plurality of waves of tests are adapted to return the network security vulnerability information regarding the network system under test, the network security vulnerability information provided by each test in the plurality of waves of tests being more specific to the network system under test than the network security vulnerability information provided by a previous test; wherein each test in the plurality of waves of tests are specifically modified in real-time to adapt to discovered security obstacles of the network system under test detected based on the network security vulnerability information gained from the previous test and to obtain additional network security vulnerability information from the network system under test. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A network security testing method comprising:
-
a) executing a first wave of tests in a security vulnerability attack simulation by at least one first tester to test for network security vulnerabilities of a network system under test, wherein the first wave of tests is targeted at the network system under test, and wherein the at least one first tester is communicably coupled to the network system under test; b) receiving first information from the first wave of tests about the network system under test, after executing the first wave of tests, the first information comprising network security vulnerability information; c) executing a second wave of tests in a security vulnerability attack simulation to test for the network vulnerabilities of the network system under test after said receiving first information, wherein the second wave of tests is specifically modified in real time to adapt to discovered security obstacles of the network system under test detected based on the network security vulnerability information gained from the first wave of tests and obtain additional network security vulnerability information from the network system under test based on the first information, the additional network security vulnerability information is more specific to the network system under test than the first information; d) receiving the additional network security vulnerability information from the second wave of tests about the network system under test, after executing the second wave of tests; e) repeating steps a)-d) a plurality of times until relevant information about the system under test has been collected; and f) wherein the network security vulnerability information obtained from each subsequent wave of tests is more specific to the system under test based on the network security vulnerability information provided by each previous test. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A computer program product for network security testing stored in a computer-readable medium, comprising:
-
a) instructions for executing a first wave of tests in a security vulnerability attack simulation by at least one first tester to test for network security vulnerabilities of a network system under test, wherein the first wave of tests is targeted at the network system under test, and wherein the at least one first tester is communicably coupled to the network system under test; b) instructions for receiving first information from the first wave of tests about the network system under test, after executing the first wave of tests, the first information comprising network security vulnerability information; c) instructions for executing a second wave of tests to test for the network security vulnerabilities of the network system undet test after said receiving first information, wherein the second wave of tests is specifically modified in real time to adapt to the discovered security obstacles of the network system under test detected based on the network security vulnerability information gained from the first wave of tests and obtain additional network security vulnerability information from to the network system under test based on the first information, the additional network security vulnerability information is more specific to the network system under test than the first information; d) instructions for receiving the additional network security vulnerability information from the second wave of tests about the network system under test, after executing the second wave of tests; e) instructions for repeating steps a)-d) a plurality of times until all relevant information about the system under test has been collected; and f) instructions for wherein the network security vulnerability information obtained from each subsequent wave of tests is more specific to the system under test based on thc network security vulnerability information provided by each previous test. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
-
-
25. A network security testing apparatus comprising:
-
a plurality of testers for generating a security vulnerability attack simulation comprised of a plurality of waves of tests for iteratively testing for network security vulnerabilities of a network system under test to obtain network security vulnerability information; wherein each of said plurality of testers is adapted to communicably couple to the network system under test; wherein a test of the network system under test is performed by a selected tester of said plurality of testers, said selection of said selected tester to adapt in real time to discovered security obstacles of the network system wider test based on the network security vulnerability information gained from a previous test to obtain more specific network security vulnerability information from the network system under test; wherein said plurality of testers has a load balance characteristic describing a degree of balance of loads of testers of said plurality of testers; and wherein the selected tester is selected from said plurality of testers based additionally on optimizing the load balance characteristic. - View Dependent Claims (26, 27)
-
-
28. A network security testing method comprising:
-
selecting at least one tester from a plurality of testers for generating a security vulnerability attack simulation comprised of a plurality of waves of tests for iteratively testing for network security vulnerabilities of a network system under test to obtain network security vulnerability information, said selection of said at least one tester to adapt in real time is modified to discovered security obstacles of the network system under test detected based on network security vulnerability information gained from a previous test to obtain more specific network security vulnerability information from network system under test; executing a test by the selected tester, wherein the test is targeted at a the network system under test, and wherein the selected tester is communicably coupled to the network system under test; wherein the plurality of testers has a load balance characteristic describing a degree of balance of loads of testers of the plurality of testers; and wherein said selecting a selected tester from a plurality of testers is further based at least partially on optimizing the load balance characteristic. - View Dependent Claims (29, 30)
-
-
31. A computer program product for network security testing stored in a computer-readable medium, comprising:
-
instructions for at least one selected tester from a plurality of testers for generating a security vulnerability attack simulation comprised of a plurality of waves of tests for iteratively testing for network security vulnerabilities of a network system under test to obtain network security vulnerability information, said selection of said at least one tester to adapt in real time is modified to discover security obstacles of the network system under test detected based on network security vulnerability information gained from a previous test to obtain more specific network security vulnerability information from network system under test; instructions for executing a test by the selected tester, wherein the test is targeted at a system tinder test, and wherein the selected tester is communicably coupled to the network system under test; wherein the plurality of testers has a load balance characteristic describing a degree of balance of loads of testers of the plurality of testers; and wherein the selecting a selected tester from a plurality of testers is further based at least partially on optimizing the load balance characteristic. - View Dependent Claims (32, 33)
-
-
34. A network security testing apparatus comprising:
-
at least one first tester that is adapted to communicably couple to a network system under test to generate a security vulnerability attack simulation comprised of a plurality of waves of tests to perform network security vulnerability testing, wherein said at least one first tester is adapted to iteratively perform a plurality of waves of tests on the network system under test to obtain network security vulnerability information on the network system under test; wherein each test in the plurality of waves of tests are specifically modified in real-time to adapt to discovered security obstacles of the network system under test detected based on the network security vulnerability information gained from the previous test and to obtain additional network security vulnerability information from the network system under test; wherein said at least one first tester is adapted to make a first attempt to communicably couple to the network system under test before executing the test to obtain network security vulnerability information; wherein said at least one first tester is adapted to make a second attempt to communicably couple to the system under test alter executing the test to obtain network security vulnerability information; and wherein the combination of success of the first attempt and failure of the second attempt are interpreted as detection of the test by the network system under test; wherein the combination of success of the first attempt and failure of the second attempt are interpreted as detection of the test by the network system under test.
-
Specification