Title :
External footprinting security assessments: Combining the PTES framework with open-source tools to conduct external footprinting security assessments
Author :
Dinis, Bruno ; Serrao, Carlos
Author_Institution :
ISCTE-IUL/ADETTI-IUL, Lisbon, Portugal
Abstract :
One of the first phases, and one of the most important ones, in a security assessment activity (either legitimate or not) consists in the information gathering about a specific target. Information gathering, also recognized as footprinting, is the process of collecting all accessible information about that specific target. In a security assessment, the importance of this phase is clamorous and involves the examination, collection and classification of large volumes of data from the target network. The Penetration Testing Execution Standard (PTES), although still in an early and definition stage, provides the description of the processes that are necessary to conduct penetration-testing assessments in a generic and integrated manner. The focus of this article consists in the analysis of the PTES and its recommendations on what concerns footprinting processes and to provide some contributions in terms of the practical applicability of the PTES recommendations.
Keywords :
program testing; public domain software; security of data; PTES framework; PTES recommendation; conduct penetration-testing assessment; external footprinting security assessment; information gathering; open-source tool; penetration testing execution standard; security assessment activity; IP networks; Organizations; Ports (Computers); Reconnaissance; Servers; Testing; PTES; footprinting; network vulnerabilities; penetration testing; pentests;
Conference_Titel :
Information Society (i-Society), 2014 International Conference on
Conference_Location :
London
DOI :
10.1109/i-Society.2014.7009066
