Publicação
External footprinting security assessments: Combining the PTES framework with open-source tools to conduct external footprinting security assessments
| Resumo: | security assessment activity (either legitimate or not) consists in the information gathering about a specific target. Information gathering, also recognized as footprinting, is the process of collecting all accessible information about that specific target. In a security assessment, the importance of this phase is clamorous and involves the examination, collection and classification of large volumes of data from the target network. The Penetration Testing Execution Standard (PTES), although still in an early and definition stage, provides the description of the processes that are necessary to conduct penetration-testing assessments in a generic and integrated manner. The focus of this article consists in the analysis of the PTES and its recommendations on what concerns footprinting processes and to provide some contributions in terms of the practical applicability of the PTES recommendations. |
|---|---|
| Autores principais: | Serrão, C. |
| Outros Autores: | Dinis, B |
| Assunto: | Penetration testing Pentests Network vulnerabilities PTES Footprinting |
| Ano: | 2014 |
| País: | Portugal |
| Tipo de documento: | documento de conferência |
| Tipo de acesso: | acesso aberto |
| Instituição associada: | ISCTE |
| Idioma: | inglês |
| Origem: | Repositório ISCTE |
| Resumo: | security assessment activity (either legitimate or not) consists in the information gathering about a specific target. Information gathering, also recognized as footprinting, is the process of collecting all accessible information about that specific target. In a security assessment, the importance of this phase is clamorous and involves the examination, collection and classification of large volumes of data from the target network. The Penetration Testing Execution Standard (PTES), although still in an early and definition stage, provides the description of the processes that are necessary to conduct penetration-testing assessments in a generic and integrated manner. The focus of this article consists in the analysis of the PTES and its recommendations on what concerns footprinting processes and to provide some contributions in terms of the practical applicability of the PTES recommendations. |
|---|