External footprinting security assessments: Combining the PTES framework with open-source tools to conduct external footprinting security assessments

Author

Dinis, Bruno ; Serrao, Carlos

Author_Institution

ISCTE-IUL/ADETTI-IUL, Lisbon, Portugal

fYear

2014

fDate

10-12 Nov. 2014

Firstpage

313

Lastpage

318

Abstract

One of the first phases, and one of the most important ones, in a security assessment activity (either legitimate or not) consists in the information gathering about a specific target. Information gathering, also recognized as footprinting, is the process of collecting all accessible information about that specific target. In a security assessment, the importance of this phase is clamorous and involves the examination, collection and classification of large volumes of data from the target network. The Penetration Testing Execution Standard (PTES), although still in an early and definition stage, provides the description of the processes that are necessary to conduct penetration-testing assessments in a generic and integrated manner. The focus of this article consists in the analysis of the PTES and its recommendations on what concerns footprinting processes and to provide some contributions in terms of the practical applicability of the PTES recommendations.

Keywords

program testing; public domain software; security of data; PTES framework; PTES recommendation; conduct penetration-testing assessment; external footprinting security assessment; information gathering; open-source tool; penetration testing execution standard; security assessment activity; IP networks; Organizations; Ports (Computers); Reconnaissance; Servers; Testing; PTES; footprinting; network vulnerabilities; penetration testing; pentests;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Society (i-Society), 2014 International Conference on

Conference_Location

London

Type

conf

DOI

10.1109/i-Society.2014.7009066

Filename

7009066