Virtual penetration testing with phase based vulnerability analysis


Thesis Type: Master's

Institution Where the Thesis Was Conducted: Middle East Technical University, Informatics Institute, Department of Information Systems, Turkey

Thesis Approval Date: 2015

Student: EMRE ÇALIŞKAN

Advisor: NAZİFE BAYKAL

Abstract:

Vulnerability scanning, penetration testing, and manual auditing are ways of finding vulnerabilities in organizations. However, they have limitations such as time, accuracy, and the testers' ability. Virtual penetration testing aims to alleviate these limitations. It is intended to assess the security controls corresponding to the vulnerabilities found by vulnerability scanning and to correlate the assessment results with those vulnerabilities. This correlation makes it possible to find exploitable vulnerabilities and to prioritize the vulnerabilities reliably. Since the security control assessments are done in compliance with the cyber-attack phases, the results provide an opportunity to create possible attack paths. In order to realize virtual penetration testing, a generic cyber-attack model is proposed and an experiment lab is established. In the experiment, the security controls corresponding to the attack phases are tested. As a result of the experiment, it is observed that the limitations of vulnerability scanning and penetration testing can be reduced by using virtual penetration testing.