Compliance Based Penetration Testing as a Service

Authors

Srinivasulu R. Vuggumudi, Dakota State University
Kaushik Ragothaman, Updated - AISFollow
Yong Wang, Dakota State University

Document Type

Conference Proceeding

Publication Date

5-5-2022

Abstract

The current penetration testing method practiced in the information systems domain is insufficient to protect information systems. Penetration testing is part of the final acceptance criteria before the system is released into a production environment. Once the system is in production, the environment and configuration are bound to change for various reasons, especially in cloud environments. This change can create vulnerabilities, and hackers take advantage of them. In cloud service models like PaaS, security is a shared responsibility of tenant and provider, and it is challenging to perform penetration testing. This paper introduces a new method called Compliance Based Penetration Testing (CBPT). The CBPT method explicitly targets PaaS environments to identify critical issues in cloud-based environments. As the cloud is the way moving forward, this approach will be beneficial and save effort and cost for all cloud consumers.

Recommended Citation

Vuggumudi, Srinivasulu; Ragothaman, Kaushik; and Wang, Yong, "Compliance Based Penetration Testing as a Service" (2022). MWAIS 2022 Proceedings. 25. https://aisel.aisnet.org/mwais2022/25