Network Penetration Testing Scheme Description Language

Penetration testing is widely used to help ensure the security of the network. Traditional penetration testings were manually performed by tester according to scheme, the process is usually complex resulting in that it is labor-intensive and requires tester to be familiar with all kind of tools. So it is very desirable to use a unified method to describe the scheme which can be identified by computer, then the computer can be used to substitute for tester to perform penetration testing. A new method is presented to describe penetration testing scheme. We propose a language for tester to describe the penetration testing scheme. Based on the conceptual model of penetration testing scheme we design the penetration testing scheme description language (PTSDL) and outline the important EBNF. PTSDL is declarative abstracting the process of penetration testing which makes this language flexible, extensible and adaptable to new penetration testing method. Use of this language is illustrated by an experimental study, which shows that the language can effectively describe the penetration testing scheme.