A study on penetration testing process and tools

Shebli, Hessa Mohammed Zaher Al; Beheshti, Babak D.

doi:10.1109/lisat.2018.8378035

Cited by 68 publications

(41 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The OWASP pen-testing methodology [17] is followed to carry out the study. Figure 1 illustrates pen-testing processes step by step.…”

Section: Methodsmentioning

confidence: 99%

Security Defense Strategy for Cardiac Medical Diagnosis System (CMDS)

He¹,

Suxo²,

Luo³

et al. 2019

2019 Computing in Cardiology Conference (CinC)

View full text Add to dashboard Cite

The medical systems have been targeted by the cyber attackers. This paper is motivated by the recent attacks that have resulted in the compromise of diagnosis results. This study was undertaken to show how the Cardiac Medical Diagnosis Systems (CMDS) can be hacked and propose security recommendations to prevent such attacks. We build a simulation platform by implementing an open source medical system. We feed the ECGs data from the PhysioNet/Computing in Cardiology (CinC) Challenge 2017 to the open source medical system. We then follow the OWASP pen-testing methodology to perform the ethical hacking. The hacking was successful and we have identified a major vulnerability of the system related to authentication. Finally, we are able to gain access to the sensitive ECG data. We then proposed cyber recommendations to prevent such attacks. Future work will consider using a mature CMDS, such as the arrhythmia detection and classification in ambulatory ECGs to investigate how the core of the algorithms can be attacked and protected.

show abstract

“…The OWASP pen-testing methodology [17] is followed to carry out the study. Figure 1 illustrates pen-testing processes step by step.…”

Section: Methodsmentioning

confidence: 99%

Security Defense Strategy for Cardiac Medical Diagnosis System (CMDS)

He¹,

Suxo²,

Luo³

et al. 2019

2019 Computing in Cardiology Conference (CinC)

View full text Add to dashboard Cite

show abstract

“…Risk assessment automation have been proposed in the form of automated penetration testing frameworks (e.g. [9], [10], [11], [12], [13], [14], [15], [16], [17], and [18]). These automated tools are excellent resources for identifying vulnerabilities.…”

Section: Risk Assessment Automationmentioning

confidence: 99%

Creating a Standardized Risk Assessment Framework Library for Healthcare Information Technology

Schmeelk

2020

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Data breaches are occurring at an unprecedented rate.In February 2019 alone, over a million individuals were reported to the United States government as having been involved in a breach of their medical data by healthcare entities. Although many organizations have some policies, procedures and risk management components in place, few (if any) organizations are centrally connecting legal requirements, penetration tests, policies and procedures into a standardized and consistent methodology for further analysis and auditing. This research produces a new open source risk management standardized library coordinating the aforementioned risk management components. The new library is applied to an open source vulnerable web-application example to emphasize the benefits from the adoption of such a public standardized risk assessment library.

show abstract

“…Aktifitas peretasan sistem bukan berasal dari orang yang berada di luar organisasi saja, tetapi orang yang berada di dalam organisasi juga berpotensi melakukannya. Peretas biasanya menargetkan sistem informasi yang sudah mereka kenal dengan baik akses sebagai user [4]. User yang telah diberikan otorisasi untuk mengakses sistem, memiliki peluang yang besar untuk dapat meretas sistem tersebut.…”

Section: Pendahuluanunclassified

Meningkatkan Keamanan Sistem Informasi Puskesmas Terpadu dengan Metode Grey-Box Penetration Test Menggunakan Computer Assisted Audit Techniques

Pirsa

Sumijan

2020

jidt

View full text Add to dashboard Cite

Keamanan sistem informasi merupakan hal yang wajib diperhatikan oleh pemiliknya agar terhindar dari kejahatan siber. Sistem informasi yang memiliki kerentanan keamanan dapat mengancam infrastruktur penting suatu organisasi. Kerentanan keamanan adalah segala jenis celah yang memungkinkan penyerang untuk dapat masuk kedalam sistem secara illegal dan melakukan tidakan yang tidak diinginkan. Penetration test pada sistem informasi perlu dilakukan untuk memastikan keamanannya. Penelitian ini bertujuan untuk meningkatkan keamanan sistem informasi puskesmas terpadu Kota Payakumbuh sehingga data dan informasi yang ada terjamin keamanannya. Metode yang digunakan adalah grey box penetration test menggunakan computer assisted audit techniques. Hasil penelitian ini ditemukan 97 kerentanan kategori tinggi, 1 kerentanan kategori sedang dan 26 kerentanan kategori rendah. Dinas Komunikasi dan Informatika Kota Payakumbuh dapat memanfaatkan hasil penetration test sebagai referensi untuk meningkatkan keamanan sistem informasi puskesmas terpadu Kota Payakumbuh.

show abstract

A study on penetration testing process and tools

Cited by 68 publications

References 1 publication

Security Defense Strategy for Cardiac Medical Diagnosis System (CMDS)

Security Defense Strategy for Cardiac Medical Diagnosis System (CMDS)

Creating a Standardized Risk Assessment Framework Library for Healthcare Information Technology

Meningkatkan Keamanan Sistem Informasi Puskesmas Terpadu dengan Metode Grey-Box Penetration Test Menggunakan Computer Assisted Audit Techniques

Contact Info

Product

Resources

About