Detalhes bibliográficos
| Ano de defesa: |
2019 |
| Autor(a) principal: |
Bertoglio, Daniel Dalalana
 |
| Orientador(a): |
Zorzo, Avelino Francisco
|
| Banca de defesa: |
Não Informado pela instituição |
| Tipo de documento: |
Tese
|
| Tipo de acesso: |
Acesso aberto |
| Idioma: |
por |
| Instituição de defesa: |
Pontifícia Universidade Católica do Rio Grande do Sul
|
| Programa de Pós-Graduação: |
Programa de Pós-Graduação em Ciência da Computação
|
| Departamento: |
Escola Politécnica
|
| País: |
Brasil
|
| Palavras-chave em Português: |
|
| Palavras-chave em Inglês: |
|
| Área do conhecimento CNPq: |
|
| Link de acesso: |
http://tede2.pucrs.br/tede2/handle/tede/8816
|
Resumo: |
Nowadays, companies have more systems integration on the Internet and their ap- plications deal with sensitive data. Thus, providing methods to ensure the security of the data and assets, considering the level of information exposure, is a mandatory requirement. As a way to protect and mitigate the high number of security incidents that arise from the business context, security testing has been applied to assess the existence of vulnerabilities in the target scenarios. One of the known tests of this category is the Penetration Test (Pen- test), which approximates the reality of attacks by simulating the behavior of an attacker. Considering the specific characteristics that differ the penetration tests from the other tests, methodologies have been established in an attempt to standardize the processes and sup- port the test executor (tester) through standards and guidelines. However, the methodolo- gies that are most widespread in the security community seek to meet the criteria of other types of security testing, sometimes disregarding the particularities of a Pentest. There- fore, this work proposes the construction of a framework called Tramonto. This framework, based on the main methodologies applied to security testing, aims to help the testers in Pen- tests execution in order to provide better organization, standardization, and flexibility in the test workflow. Some studies were conducted with security test professionals to validate the propositions suggested by Tramonto, supported by the Tramonto-App web application. The results achieved through these studies confirm the importance of the framework supporting the testers, and also indicate the direction and other possibilities in the Pentest area. |
