System and method for extending automated penetration testing to develop an intelligent and cost efficient security strategy

Assignee

• Core Security Technologies · US

Inventors

• Jorge Lucangeli Obes · Olavarría, AR
• Carlos Emilio Sarraute Yamada · Olavarría, AR
• Gerardo Gabriel Richarte · Olavarría, AR

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/034
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A system and method for extending automated penetration testing of a target network is provided. The method comprises: computing a scenario, comprises the steps of: translating a workspace having at least one target computer in the target network, to a planning definition language, translating penetration modules available in a penetration testing framework to a planning definition language, and defining a goal in the target network and translating the goal into a planning definition language; building a knowledge database with information regarding the target network, properties of hosts in the network, parameters and running history of modules in the penetration testing framework; and running an attack plan solver module, comprising: running an attack planner using the scenario as input, to produce at least one attack plan that achieves the goal, and executing actions defined in the at least one attack plan against the target network from the penetration testing framework.