Penetration Taxonomy: A Systematic Review on the Penetration Process, Framework, Standards, Tools, and Scoring Methods

Kamal Uddin Sarker, Farizah Yunus and Aziz Deraman
Additional contact information
Kamal Uddin Sarker: Informatics, FTKKI, Universiti Malaysia Terengganu, Kuala Terengganu 21030, Malaysia
Farizah Yunus: Informatics, FTKKI, Universiti Malaysia Terengganu, Kuala Terengganu 21030, Malaysia
Aziz Deraman: Informatics, FTKKI, Universiti Malaysia Terengganu, Kuala Terengganu 21030, Malaysia

Sustainability, 2023, vol. 15, issue 13, 1-26

Abstract: Cyber attackers are becoming smarter, and at the end of the day, many novel attacks are hosted in the cyber world. Security issues become more complex and critical when the number of services and subscribers increases due to advanced technologies. To ensure a secure environment, cyber professionals suggest reviewing the information security posture of the organization regularly via security experts, which is known as penetration testing. A pen tester executes a penetration test of an organization according to the frameworks and standardization guidelines. Security breaches of the system, loopholes in OS or applications, network vulnerabilities, and breaking data integration scopes are identified, and appropriate remediation is suggested by a pen tester team. The main aim of a penetration process is to fix the vulnerabilities prior to the attack in tangible and intangible resources. Firstly, this review work clarifies the penetration conception and is followed by the taxonomy of penetration domains, frameworks, standards, tools, and scoring methods. It performs a comparison study on the aforementioned items that develops guidelines for selecting an appropriate item set for the penetration process according to the demand of the organization. This paper ends with a constructive observation along with a discussion on recent penetration trends and the scope of future research.

Keywords: vulnerability; cybersecurity; penetration testing; quality of service; sustainability
JEL-codes: O13 Q Q0 Q2 Q3 Q5 Q56
Date: 2023

Downloads: (external link)
https://www.mdpi.com/2071-1050/15/13/10471/pdf (application/pdf)
https://www.mdpi.com/2071-1050/15/13/10471/ (text/html)

Persistent link: https://EconPapers.repec.org/RePEc:gam:jsusta:v:15:y:2023:i:13:p:10471-:d:1185857

Sustainability is currently edited by Ms. Alexandra Wu

Bibliographic data for series maintained by MDPI Indexing Manager.

 
Page updated 2025-03-19
Handle: RePEc:gam:jsusta:v:15:y:2023:i:13:p:10471-:d:1185857