Towards automated penetration testing for cloud applications

Rak, Massimiliano;
2018

Abstract

The development of cloud applications raises several security concerns due to the lack of control over the resources involved. Security testing is fundamental to identifying existing security issues and is particularly powerful when carried out by means of penetration testing techniques. Unfortunately, penetration testing requires a deep knowledge of the possible attacks and of the available hacking tools and is very energy demanding. In this paper, we present a methodology that makes it easy to carry out a coarse-grained security evaluation of a cloud application by automating the set-up and execution of penetration tests. The methodology relies on knowledge of the application architecture and on the availability of a catalogue that includes security-related data collected from multiple sources and properly correlated.
9781538669167
Files in this item:
There are no files associated with this item.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11591/402538
Citations
  • Scopus 22