The development of cloud applications raises several security concerns due to the lack of control over involved resources. Security testing is fundamental to identify the existing security issues and is particularly powerful when carried out by means of penetration testing techniques. Unfortunately, penetration testing requires a deep knowledge of the possible attacks and of the available hacking tools and is very energy demanding. In this paper, we present a methodology that allows to easily carry out a coarse-grained security evaluation of a cloud application by automating the set-up and execution of penetration tests. The methodology relies on the knowledge of the application architecture and on the availability of a catalogue including security-related data collected from multiple sources and properly correlated.

Towards automated penetration testing for cloud applications

Rak, Massimiliano;
2018

Abstract

The development of cloud applications raises several security concerns due to the lack of control over involved resources. Security testing is fundamental to identify the existing security issues and is particularly powerful when carried out by means of penetration testing techniques. Unfortunately, penetration testing requires a deep knowledge of the possible attacks and of the available hacking tools and is very energy demanding. In this paper, we present a methodology that allows to easily carry out a coarse-grained security evaluation of a cloud application by automating the set-up and execution of penetration tests. The methodology relies on the knowledge of the application architecture and on the availability of a catalogue including security-related data collected from multiple sources and properly correlated.
9781538669167
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/11591/402538
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 16
  • ???jsp.display-item.citation.isi??? ND
social impact