A. Podzolkov, V. Kharchenko
Èlektron. model. 2024, 46(2):43-59
https://doi.org/10.15407/emodel.46.02.043
ABSTRACT
The methods of assessing the security of information systems (IS) with the help of special means of penetration testing (PT) and services that provide the corresponding tools (Penetration Testing as a Service, PTaaS) are analyzed. The indicators to compare PTaaS tools and services are substantiated, namely: provision of a report on compliance of the tested product with data protection requirements, availability of security certificates, use of appropriate testing methodologies, etc. A method has been developed for selecting a PTaaS service according to the customer’s requirements to increase IS cyber security by improving the completeness and reliability of penetration testing, as well as reducing the search time for PT tools. A cloud service is proposed that supports the implementation of the method and provides the option of choosing PTaaS. It was determined that the use of the proposed method and service enables users to quickly and conveniently choose PTaaS according to the requirements and work model of organizations or digital products.
KEYWORDS
cybersecurity, penetration testing, penetration testing as a service, data security, PTaaS choice.
REFERENCES
- IBM. (2023). Cost of a Data Breach Report 2023. https://www.ibm.com/downloads/cas/E3G5JMBP
- Dalalana Bertoglio, D., Zorzo, A. (2017). Overview and open issues on penetration test. J Braz Comput Soc, 23(2).
https://doi.org/10.1186/s13173-017-0051-1 - Aileen G,B., Xiaohong, Y., Bei, T., Bill, C., Monique, J. (2011). An Overview of Penetration Testing. International Journal of Network Security & Its Applications, 3(6), 19-38.
https://doi.org/10.5121/ijnsa.2011.3602 - Ralph, L., Thomas, M. (2012). Сloud penetration testing. International Journal on Cloud Computing: Services and Architecture (IJCCSA), 2(6).
https://doi.org/10.5121/ijccsa.2012.2604 - Altulaihan, E.A., Alismail, A., Frikha, M. (2023). A Survey on Web Application Penetration Testing. Electronics, 12(5).
https://doi.org/10.3390/electronics12051229 - (n.d.). OWASP Testing Guide. https://owasp.org/www-project-web-security-testing-guide/v42/
- (2017). CREST Penetration Testing Guide. https://www.crest-approved.org/wp-content/uploads/2022/04/CREST-Penetration-Testing-Guide-1.pdf
- Li, Y., Wang, Y., Xiong, X., Zhang, J., Yao, Q. (2022). An Intelligent Penetration Test Simulation Environment Construction Method Incorporating Social Engineering Factors. Applied Sciences. 12(12).
https://doi.org/10.3390/app12126186 - Ghanem, M.C., Chen, T.M. (2020). Reinforcement Learning for Efficient Network Penetration Testing. 11(6).
https://doi.org/10.3390/info11010006 - Chenxi, W. (2022). The PtaaS Book: The A-Z of Pentest as a Service. AimPoint Group, LLC.
- Software Testing Help. (2024). Top 10 Pen Testing as a Service (PTaaS) Providers in 2024. https://www.softwaretestinghelp.com/top-pen-testing-as-a-service-providers/
- Podzolkov, A.V. (n.d.) Penetration testing service suggestion tool. https://leftchameleon.bubbleapps.io/version-test
- Abakumov, A.I., Kharchenko, V.S. (2023). Combining Experimental and Analytical Methods for Penetration Testing of AI-Powered Robotic Systems. COLINS-2023: 7th International Conference on Computational Linguistics and Intelligent Systems. National Aerospace University «Kharkiv Aviation Institute». https://ceur-ws.org/Vol-3403/paper40.pdf
- Tarasyuk, O.M., Kharchenko, V.S. (2003). Dynamic radial metric diagrams in software quality management problems. Collection of scientific works to G.E. Pukhov Institute of Modeling Problems in Energy. (22), 202-205.
- Abakumov, A.I., Kharchenko V.S. (2023). Analytical and Experimental Methods for assessing safety and cybersecurity robotic systems. Methods and technologies for providing quality and safety of intelligent systems. Yuston.