Published by Justina Wood. Modified over 6 years ago.
Design and development of a prototypical software for semi-automatic generation of test methodologies and security checklists for IT vulnerability assessment in small- and medium-sized enterprises

Thomas Möller (1), Knut Bellin (2), Reiner Creutzburg (2)

(1) Assecor GmbH, Storkower Straße 207, D Berlin, Germany
(2) Brandenburg University of Applied Sciences, IT- and Media Forensics Lab, P.O.Box 2132, D Brandenburg, Germany

Task

The task is the prototypical development of a program (code name Copra Breeder) that supports a penetration tester by generating checklists of the procedures to be performed. These lists are based on predetermined criteria that are generated and updated during the execution of the penetration test.

Implementation

Copra Breeder was implemented in Python and models the procedure according to the OSSTMM. It generates checklists against which security checks can be performed. To perform invasive tests with the program, scripts can be implemented that are loaded dynamically. Copra Breeder can import new information and can thus be extended.

Structure of program

Copra Breeder is modular. The individual modules depend only on the value of objects. These modules are: the GUI scripting engine, report generator, central control flow and data storage platforms.

Process

When performing a penetration test, the tester relies on so-called process models that describe the procedure for these tests. The best-known models are those of the BSI, NIST, PTES and the OSSTMM. The "Open Source Security Testing Methodology Manual" (OSSTMM) is a scientific methodology for determining operational safety. Its tasks are organized hierarchically in the following levels: channel, module and task. The channel is the area that is to be tested. There are five channels: "People", "Physical", "Wireless", "Telecommunications" and "Computer Networks". Modules are categories of tasks that must be performed to check a channel. There are 17 modules. Each channel has the same modules, but the tasks are different for each channel. The modules are divided into four phases: induction phase, interaction phase, investigation phase and intervention phase.

Applicability

The functionality of the program was tested using scenarios that could be observed in companies. The selected scenarios cover various levels of complexity, so that one can test which types of attacks can be carried out automatically by the program. These scenarios include, for example, spoofing, hash collision attacks, checks for open SMB drives, attacks on SMTP and ICQ, and attacks on mobile devices.

Conclusion

The developed software Copra Breeder, in particular through its automatic and semi-automatic tests, is a valuable support for the protection of corporate networks. As described, Copra Breeder is for now only suitable for securing mobile devices, but it can be developed further. In particular, the tool can support a company in implementing good BYOD strategies.

SPIE, Mobile Devices and Multimedia: Enabling Technologies, Algorithms, and Applications, San Francisco, February 2015, Vol. 9411
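The channel / module / task hierarchy from "Process" and the criteria-driven checklist from "Task" can be modelled as below. This is an added example, not Copra Breeder code: the class and function names, the fact labels ("smb", "smtp", "byod") and the task wording are assumptions constructed for illustration, and only a subset of the 17 OSSTMM modules is listed.

```python
from dataclasses import dataclass

# Phases as named on the poster -> OSSTMM modules (a subset of the 17).
PHASES = {
    "induction": ["Posture Review", "Logistics"],
    "interaction": ["Visibility Audit", "Access Verification"],
    "investigation": ["Configuration Verification", "Exposure Verification"],
    "intervention": ["Privileges Audit", "Alert and Log Review"],
}
MODULE_ORDER = [m for mods in PHASES.values() for m in mods]
PHASE_OF = {m: p for p, mods in PHASES.items() for m in mods}

@dataclass(frozen=True)
class Task:
    channel: str
    module: str
    text: str
    requires: frozenset = frozenset()  # facts that must be known first

# Constructed sample tasks; the wording is hypothetical, not from OSSTMM.
N, W = "Computer Networks", "Wireless"
TASKS = [
    Task(N, "Posture Review", "Record agreed scope and test windows"),
    Task(N, "Visibility Audit", "Inventory in-scope hosts and services"),
    Task(N, "Access Verification", "Review permissions on SMB shares", frozenset({"smb"})),
    Task(N, "Access Verification", "Confirm SMTP relay requires authentication", frozenset({"smtp"})),
    Task(W, "Visibility Audit", "List access points visible on site"),
    Task(W, "Privileges Audit", "Verify BYOD devices stay on the guest VLAN", frozenset({"byod"})),
]

class Checklist:
    """Checklist that is regenerated as the test produces new facts."""
    def __init__(self, channels):
        self.channels, self.facts, self.done = set(channels), set(), set()

    def learn(self, *facts):      # criteria updated during the test
        self.facts.update(facts)

    def complete(self, task):
        self.done.add(task)

    def open_items(self):
        """Return (phase, task) pairs still to do, in phase/module order."""
        todo = [t for t in TASKS
                if t.channel in self.channels
                and t.requires <= self.facts and t not in self.done]
        todo.sort(key=lambda t: (MODULE_ORDER.index(t.module), t.channel))
        return [(PHASE_OF[t.module], t) for t in todo]
```

Calling `learn()` with a fact discovered mid-test makes the tasks that depend on it appear in the next `open_items()` result, which is the "generated and updated during the execution" behaviour the poster describes.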