A methodology for automated penetration testing of cloud applications. (3rd February 2020)
- Record Type:
- Journal Article
- Title:
- A methodology for automated penetration testing of cloud applications. (3rd February 2020)
- Main Title:
- A methodology for automated penetration testing of cloud applications
- Authors:
- Casola, Valentina
Benedictis, Alessandra De
Rak, Massimiliano
Villano, Umberto
- Abstract:
- Security assessment is a very time- and money-consuming activity. It needs specialised security skills and, furthermore, it is not fully integrated into the software development life-cycle. One of the best solutions for the security testing of an application relies on the use of penetration testing techniques. Unfortunately, penetration testing is a typically human-driven procedure that requires a deep knowledge of the possible attacks to carry out and of the hacking tools that can be used to launch the tests. In this paper, we present a methodology that enables the automation of penetration testing techniques based on both application-level models, used to represent the application architecture and its security properties in terms of applicable threats, vulnerabilities and weaknesses, and on system-level models, adopted to automatically generate and execute the penetration testing activities. The proposed methodology can be easily integrated into a continuous integration development process and aid software developers in evaluating security.
- Is Part Of:
- International journal of grid and utility computing. Volume 11:Number 2(2020)
- Journal:
- International journal of grid and utility computing
- Issue:
- Volume 11:Number 2(2020)
- Issue Display:
- Volume 11, Issue 2 (2020)
- Year:
- 2020
- Volume:
- 11
- Issue:
- 2
- Issue Sort Value:
- 2020-0011-0002-0000
- Page Start:
- 267
- Page End:
- 277
- Publication Date:
- 2020-02-03
- Subjects:
- cloud application security assessment -- cloud application penetration testing -- automated penetration testing modelling -- automated penetration testing execution
Electronic data processing -- Distributed processing -- Periodicals
Electronic commerce -- Management -- Computer programs -- Periodicals
004.605
- Journal URLs:
- http://www.inderscience.com/
http://www.inderscience.com/jhome.php?jcode=ijguc
- Languages:
- English
- ISSNs:
- 1741-847X
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 12603.xml