Publication detail

Penterep: Comprehensive Penetration Testing with Adaptable Interactive Checklists

LAZAROV, W. ŠEDA, P. MARTINÁSEK, Z. KÜMMEL, R.

Original Title

Penterep: Comprehensive Penetration Testing with Adaptable Interactive Checklists

Type

journal article in Web of Science

Language

English

Original Abstract

In the contemporary landscape of cybersecurity, the importance of effective penetration testing is underscored by NIS2, emphasizing the need to assess and demonstrate cyber resilience. This paper introduces an innovative approach to penetration testing that employs interactive checklists, supporting both manual and automated tests, as demonstrated within the Penterep environment. These checklists, functioning as a quantifiable measure of test completeness, guide pentesters through methodological testing, addressing the inherent challenges of the security testing domain. While some may perceive a limitation in the dependency on predefined checklists, the results from a presented case study underscore the criticality of methodological testing. The study reveals that relying solely on fully automated tools would be inadequate to identify all vulnerabilities and flaws without the inclusion of manual tests. Our innovative approach complements established methodologies, such as PTES, OWASP, and NIST, providing crucial support to penetration testers and ensuring a comprehensive testing process. Implemented within the Penterep environment, our approach is designed with deployment flexibility (both on-premises and cloud-based), setting it apart through an overview comparison with existing tools aligned with state-of-the-art penetration testing approaches. This flexible and scalable approach effectively bridges the gap between manual and automated testing, meeting the increasing demands for effectiveness and adaptability in penetration testing.

Keywords

Checklists; Cybersecurity; Ethical hacking; Methodology; Penetration testing; Reporting; Vulnerability assessment

Authors

LAZAROV, W.; ŠEDA, P.; MARTINÁSEK, Z.; KÜMMEL, R.

Released

17. 3. 2025

Publisher

Elsevier

ISBN

1872-6208

Periodical

COMPUTERS & SECURITY

Year of study

154

Number

7

State

United Kingdom of Great Britain and Northern Ireland

Pages from

1

Pages to

16

Pages count

16

URL

https://www.sciencedirect.com/science/article/pii/S0167404825000884

Full text in the Digital Library

http://hdl.handle.net/11012/250881

BibTex

@article{BUT197057,
  author="Willi {Lazarov} and Pavel {Šeda} and Zdeněk {Martinásek} and Roman {Kümmel}",
  title="Penterep: Comprehensive Penetration Testing with Adaptable Interactive Checklists",
  journal="COMPUTERS & SECURITY",
  year="2025",
  volume="154",
  number="7",
  pages="1--16",
  doi="10.1016/j.cose.2025.104399",
  issn="1872-6208",
  url="https://www.sciencedirect.com/science/article/pii/S0167404825000884"
}