Invention Grant
- Patent Title: System and method for extending automated penetration testing to develop an intelligent and cost efficient security strategy
- Patent Title (中): 扩展自动渗透测试的系统和方法,开发智能和成本效益的安全策略
-
Application No.: US12851516Application Date: 2010-08-05
-
Publication No.: US08490196B2Publication Date: 2013-07-16
- Inventor: Jorge Lucangeli Obes , Carlos Emilio Sarraute Yamada , Gerardo Gabriel Richarte
- Applicant: Jorge Lucangeli Obes , Carlos Emilio Sarraute Yamada , Gerardo Gabriel Richarte
- Applicant Address: US MA Boston
- Assignee: Core Security Technologies
- Current Assignee: Core Security Technologies
- Current Assignee Address: US MA Boston
- Agency: Sheehan Phinney Bass + Green PA
- Agent Peter A. Nieves
- Main IPC: G06F11/00
- IPC: G06F11/00 ; G06F12/14 ; G06F12/16 ; G08B23/00
Abstract:
A system and method for extending automated penetration testing of a target network is provided. The method comprises: computing a scenario, comprises the steps of: translating a workspace having at least one target computer in the target network, to a planning definition language, translating penetration modules available in a penetration testing framework to a planning definition language, and defining a goal in the target network and translating the goal into a planning definition language; building a knowledge database with information regarding the target network, properties of hosts in the network, parameters and running history of modules in the penetration testing framework; and running an attack plan solver module, comprising: running an attack planner using the scenario as input, to produce at least one attack plan that achieves the goal, and executing actions defined in the at least one attack plan against the target network from the penetration testing framework.
Public/Granted literature
Information query
