- Patent Title: Selectively choosing between actual-attack and simulation/evaluation for validating a vulnerability of a network node during execution of a penetration testing campaign
-
Application No.: US16186557Application Date: 2018-11-11
-
Publication No.: US10367846B2Publication Date: 2019-07-30
- Inventor: Boaz Gorodissky , Adi Ashkenazy , Ronen Segal , Menahem Lasser
- Applicant: XM CYBER LTD.
- Applicant Address: IL Hertzliya
- Assignee: XM Cyber Ltd.
- Current Assignee: XM Cyber Ltd.
- Current Assignee Address: IL Hertzliya
- Agency: Fourth Dimension IP
- Agent Marc Van Dyke
- Main IPC: G06F7/04
- IPC: G06F7/04 ; H04L29/06 ; H04L12/26
Abstract:
Methods and systems for penetration testing of a networked system by a penetration testing system. In some embodiments, both active and passive validation methods are used during a single penetration testing campaign in a single networked system. In other embodiments, a first penetration testing campaign uses only active validation and a second penetration campaign uses only passive validation, where both campaigns are performed by a single penetration testing system in a single networked system. Node-by-node determination of whether to use active or passive validation can be based on expected extent and/or likelihood of damage from actually compromising a network node using active validation.
Public/Granted literature
Information query
