Quantitative Penetration Testing with Item Response Theory (extended version)

Existing penetration testing approaches assess the vulnerability of a system by determining whether certain attack paths are possible in practice. Thus, penetration testing has so far been used as a qualitative research method. To enable quantitative approaches to security risk management, including decision support based on the cost...

Quantitative penetration testing with item response theory

Existing penetration testing approaches assess the vulnerability of a system by determining whether certain attack paths are possible in practice. Therefore, penetration testing has thus far been used as a qualitative research method. To enable quantitative approaches to security risk management, including decision support based on the cost...

Black-Box assessment of Web systems security

Many companies rely on Web applications to promote their services to the world. It is a logical step, as the Web offers great advantages such as convenience, low cost and instant reachability from anywhere in the world. Meanwhile Web applications tend to be implemented in an insecure way and the attacker does not even need to be too experienced...