DEVELOPMENT OF A SECURE LOGGING AND MANAGEMENT SYSTEM FOR PENETRATION TESTING

The sphere of information security in Kazakhstan affects an increasing number of industries every year, and penetration testing is also gaining popularity, as it is one of the key methods for assessing the security and risks of a company. This article is devoted to the research and development of a web application to provide full control over the penetration testing process: monitoring the implementation of tasks and projects, reporting on all processes, dividing tasks between employees. The management system automatically selects recommendations for eliminating vulnerabilities and generates reports on penetration testing. As a classification algorithm, a decision tree is used. Differentiation of users by access levels, structured data storage, automatic recording of test results, generation of reports and selection of recommendations for eliminating vulnerabilities make the web application more perfect and convenient compared to similar systems. The importance of this study lies in the simplification of the implementation of penetration testing and the development of this service in Kazakhstan, which will improve the level of information security in enterprises of all industries.

1. Canadian Centre for Cyber Security, Cyber Threat and Cyber Threat Actors [online]. ISBN 978-0-660-45950-9. https://www.cyber.gc.ca/sites/default/files/ncta-2022-intro-e.pdf (2020).

2. Verizon, 2019 Data Breach Investigations Report [online]. https://www.nist.gov/system/files/documents/2019/10/16/1-2-dbir-widup.pdf (2019).

3. Bischoff P. (2020) How data breaches affect stock market share prices.

4. Aileen G. Bacudio, Xiaohong Yuan, Bei-Tseng Bill Chu, Monique Jones (2011) An Overview Of Penetration Testing, International Journal of Network Security & Its Applications, vol.3, no.6.

5. Positive Technologies, External pentests results – 2020, Penetration testing of corporate information systems (2020).

6. Hessa Mohammed Zaher Al Shebli, Babak D. Beheshti, A study on penetration testing process and tools, IEEE Long Island Systems, Applications and Technology Conference. https://doi.org/10.1109/LISAT.2018.8378035.

7. Chiem Trieu Phong, Wei Qi Yan, An Overview of Penetration Testing, International Journal of Digital Crime and Forensics, 25. https://doi.org/10.4018/ijdcf.2014100104.