Fioravanti, Mark – High Volume Automated Testing in Security Testing

HiVAT offers potential advantages to the security field as it allows
security testers to identify and locate potential security flaws quicker and
more accurately than standard techniques.  The security testing community
needs tools which will allow them to counter the asymmetrical nature of
security, in which the adversary potentially only needs to exploit a single
flaw to achieve their goal but the defender must mitigate all
vulnerabilities to achieve their goal.  Three main testing areas exist
within the field of security: compliance/certification testing, penetration
testing/ethical hacking and vulnerability research.

HiVAT techniques are used within the penetration testing/ethical hacking
and vulnerability research areas.  Compliance/certification testing is not
able to leverage these techniques as the information objectives are
different than the other two areas of testing.  Even though this technique
is used, it may be subject to the misconception that HiVAT is simply just
repeatedly running a large number of small tests.  HiVAT can be effectively
leveraged for vulnerability identification, countermeasure/filter evasion,
and lastly exploitation resulting in security tests which are more thorough
than common assessment techniques.

HiVAT and Security Testing Presentation

2 Responses to Fioravanti, Mark – High Volume Automated Testing in Security Testing

  1. Pingback: High Volume Automated Testing in Security Testing | eCultist

  2. Pingback: Context Driven Testing » The Insapience of Anti-Automationism

Comments are closed.