ASSESSMENT OF THE COMPLETENESS OF THE METHODS USED IN EXTERNAL PENETRATION TESTING
Abstract
This article considers the completeness and quality of the methods used in penetration testing. It shows that the main factor determining the list of work performed is the terms of reference, which, as a rule, are proposed by the Contractor and drawn up from proposals aimed at reducing the Contractor's labor costs. At the same time, it is usually difficult for the Customer to assess the completeness and, as a result, the quality of such work. The article proposes a new tool for assessing the completeness and quality of the methods used in penetration testing, and formulates the problems of choosing penetration testing methods with the capabilities of the intruder taken into account. It presents a model, based on a multipole graph, for assessing the completeness of the methods used in external penetration testing. The given example demonstrates the effectiveness of the model in identifying work that the Contractor did not take into account in the proposed terms of reference.