System and method for providing automated computer security compromise as a service
First Claim
1. A system for providing automated computer security compromise as a service, running within a cloud computing environment, the system comprising:
- a web server having a web front end running on the web server, wherein users connect to the web server via the web front end, and wherein the web server has stored therein pentest definitions created by the users through use of the web front end;
wherein the web server further comprises a computer-based command and control component which processes the pentest definitions, builds pentest task tickets and reporting task tickets, and monitors different portions of the system, wherein the portions of the system are selected from the group consisting of at least one computer-based penetration tester component and at least one computer-based report generator component,wherein the command and control component interacts with the cloud computing environment to scale up or down the number of penetration tester components and the number of report generator components, and assigns the task tickets to the penetration tester components and to the report generator components,at least one of the computer-based penetration tester components runs a penetration testing framework, the penetration tester component being configured to run penetration testing modules available inside the penetration testing framework as instructed by the pentest task tickets built by the command and control component;
at least one of the computer-based report generator components generates reports based on the reporting tasks tickets built by the command and control service; and
a central database including memory for storing pentest results wherein results are isolated by the central database for each front end user.
11 Assignments
0 Petitions
Accused Products
Abstract
A system for providing automated computer security compromise as a service, contains a web server having a web front end running on the web server. The Web server has stored therein pentest definitions. A command and control component processes the pentest definitions, builds pentest task tickets and reporting task tickets, and monitors at least one penetration tester component and/or at least one report generator component. The command and control component interacts with a cloud computing environment to scale up or down the number of penetration tester components and the number of report generator components, and assigns task tickets to the penetration tester and report generator components. At least one penetration tester component runs penetration testing modules available inside the penetration testing framework as instructed by the pentest task tickets. At least one reporter generator component generates reports based on the reporting tasks tickets generated by the command and control service.
-
Citations
17 Claims
-
1. A system for providing automated computer security compromise as a service, running within a cloud computing environment, the system comprising:
-
a web server having a web front end running on the web server, wherein users connect to the web server via the web front end, and wherein the web server has stored therein pentest definitions created by the users through use of the web front end; wherein the web server further comprises a computer-based command and control component which processes the pentest definitions, builds pentest task tickets and reporting task tickets, and monitors different portions of the system, wherein the portions of the system are selected from the group consisting of at least one computer-based penetration tester component and at least one computer-based report generator component, wherein the command and control component interacts with the cloud computing environment to scale up or down the number of penetration tester components and the number of report generator components, and assigns the task tickets to the penetration tester components and to the report generator components, at least one of the computer-based penetration tester components runs a penetration testing framework, the penetration tester component being configured to run penetration testing modules available inside the penetration testing framework as instructed by the pentest task tickets built by the command and control component; at least one of the computer-based report generator components generates reports based on the reporting tasks tickets built by the command and control service; and a central database including memory for storing pentest results wherein results are isolated by the central database for each front end user. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method for providing automated security compromise as a service, the method comprising:
-
interacting with a user to define and assess assets the user can test; creating a pentest definition by selecting a set of target computers and web applications from a web front end and setting up parameters for a pentest; submitting the pentest definition to a command and control service which defines pentest and reporting task tickets, wherein the pentest and reporting task tickets include penetration testing modules to run, the parameters required by the modules and in particular a target of the penetration testing module; monitoring a status of a system'"'"'s components and scaling up or down penetration testing instances and reporting instances with a computer-based command and control component; each penetration testing instance executing the modules detailed in one of the pentest tickets and according to the parameters included in the pentest tickets; each reporting instance executing reporting tasks detailed in one of the reporting task tickets and according to the parameters included in the reporting task tickets; defining a ticket as closed once a reporting or penetration testing instance finishes running underlying penetration testing or reporting modules. - View Dependent Claims (12, 13, 14, 15, 16, 17)
-
Specification