CYBER 2018, The Third International Conference on Cyber-Technologies and Cyber-Systems


A Comparative Evaluation of Automated Vulnerability Scans Versus Manual Penetration Tests on False-negative Errors

Authors:
Saed Alavi
Niklas Bessler
Michael Massoth

Keywords: Security analysis; penetration test; vulnerability scan.

Abstract:
Security analysis can be done through different types of methods, which include manual penetration testing and automated vulnerability scans. These two different approaches are often confused and believed to result in the same value. To evaluate this, we have built a lab with several prepared vulnerabilities to simulate a typical small and medium-sized enterprise. Then, we performed a real penetration test on the lab, and a vulnerability scan as well, and then compared the results. Our conclusion shows that the results obtained through both types of security analysis are highly distinct. They differ in time expenditure and false-positive rate. Most importantly, we have seen a remarkably higher false-negative rate in the vulnerability scan, which suggests that automated methods cannot replace manual penetration testing. However, the combination of both methods is a conceivable approach.

Pages: 1 to 6

Copyright: Copyright (c) IARIA, 2018

Publication date: November 18, 2018

Published in: conference

ISSN: 2519-8599

ISBN: 978-1-61208-683-5

Location: Athens, Greece

Dates: from November 18, 2018 to November 22, 2018