a comprehensive literature review of penetration testing & its applications

A Systematic Review on Penetration Testing

Ieee account.

• Change Username/Password
• Update Address

Purchase Details

• Payment Options
• Order History
• View Purchased Documents

Profile Information

• Communications Preferences
• Profession and Education
• Technical Interests
• US & Canada: +1 800 678 4333
• Worldwide: +1 732 981 0060
• Contact & Support
• About IEEE Xplore
• Accessibility
• Terms of Use
• Nondiscrimination Policy
• Privacy & Opting Out of Cookies

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity. © Copyright 2024 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.

A Comprehensive Literature Review of Penetration Testing & Its Applications

Citation Count

Offensive Security: Towards Proactive Threat Hunting via Adversary Emulation

Penetration frameworks and development issues in secure mobile application development: a systematic literature review, an empirical comparison of pen-testing tools for detecting web app vulnerabilities, the pentest method for business intelligence, about penetration testing, penetration testing: concepts, attack methods, and defense strategies, vulnerability assessment & penetration testing as a cyber defence technology, a methodology for penetration testing, two methodologies for physical penetration testing using social engineering, related papers (5), mathematical analysis of penetration testing and vulnerability countermeasures, an attack simulator for systematically testing program-based security mechanisms, security testing: a survey, purity: a planning-based security testing tool, a case study on web application security testing with tools and manual testing.

An overview of the benefits, challenges, and legal aspects of penetration testing and red teaming

Nutzen, Herausforderungen und rechtliche Aspekte von Penetrationstests und Red Teaming – ein Überblick

• Published: 04 September 2023
• Volume 4 , pages 387–397, ( 2023 )

Cite this article

• Fabian M. Teichmann   ORCID: orcid.org/0000-0001-6543-6401 1 , 2 &
• Sonia R. Boticiu   ORCID: orcid.org/0000-0003-0883-3608 3  

546 Accesses

2 Citations

1 Altmetric

Explore all metrics

Although red teaming and penetration testing are similar in their end results, it is important for organizations to choose the right assessment for the right purpose, taking into account where the organization is in the security process. This paper examines the process and strategies used in red teaming and penetration testing, along with their benefits and challenges. Furthermore, the legal and ethical aspects of these techniques are highlighted. Thus, the aim of this study is to help organizations choose the best security assessment techniques and tools, to show how penetration testing and red teaming should work together, to provide a better understanding of how to strengthen an organization’s security posture, and hence to identify an avenue for future research.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price includes VAT (Russian Federation)

Instant access to the full article PDF.

Rent this article via DeepDyve

Institutional subscriptions

Similar content being viewed by others

The Ethical Implications of Using Artificial Intelligence in Auditing

Cyber risk and cybersecurity: a systematic review of data availability

Cyber Security Threats and Vulnerabilities: A Systematic Mapping Study

Al-Ahmad AS, Kahtan H, Hujainah F, Jalab HA (2019) Systematic literature review on penetration testing for mobile cloud computing applications. IEEE Access 7:173524–173540

Article   Google Scholar  

Altulaihan EA, Alismail A, Frikha M (2023) A survey on web application penetration testing. Electronics 12(5):1229

Al-Ahmad AS, Kahtan H (2019) Fuzz test case generation for penetration testing in mobile cloud computing applications. Intell Comput Optim 1:267–276

Google Scholar  

Carin L, Cybenko G, Hughes J (2008) Cybersecurity strategies: the queries methodology. Computer 41(8):20–26

Caudill B (2023) GDPR and penetration testing: what you need to know. https://rhinosecuritylabs.com/compliance/gdpr-penetration-testing-need-know/ . Accessed 15 Aug 2023

Chen CK, Zhang ZK, Lee SH, Shieh S (2018) Penetration testing in the iot age. Computer 51(4):82–85

Choo CS, Chua CL, Tay SHV (2007) Automated red teaming: a proposed framework for military application. In: Proceedings of the 9th annual conference on Genetic and evolutionary computation, pp 1936–1942

de La Vallée P, Losifidis G, Mees W (2022) Cyber red teaming: overview of sly, an orchestration tool. Inf Secur 53(2):273–286

Diogenes Y, Ozkaya E (2018) Cybersecurity-attack and defense strategies: Infrastructure security with red team and blue team tactics. Packt

Doğan S, Betin-Can A, Garousi V (2014) Web application testing: a systematic literature review. J Syst Softw 91:174–201

Draeger M (2023) What is red teaming & how it benefits Orgs. https://www.trendmicro.com/en_se/research/23/a/what-is-red-teaming.html . Accessed 11 July 2023

Firch J (2023) Red team VS blue team: what’s the difference? https://purplesec.us/red-team-vs-blue-team-cyber-security/ . Accessed 15 Aug 2023

Ganado M, Cremona K (2023) Red teaming and penetration testing. What’s the difference? https://www.pwc.com/mt/en/publications/technology/red-teaming-and-penetration-testing.html . Accessed 4 July 2023

Ganguli D, Lovitt L, Kernion J, Askell A, Bai Y, Kadavath S, Clark J (2022) Red teaming language models to reduce harms: methods, scaling behaviors, and lessons learned. arXiv preprint arXiv:2209.07858

George AS, Sagayarajan S (2023) Securing cloud application infrastructure: understanding the penetration testing challenges of IaaS, PaaS, and SaaS environments. Partners Univers Int Res J 2(1):24–34

Gillam J (2023) What are the ethical and legal considerations for penetration testing? https://www.secureideas.com/knowledge/what-are-the-ethical-and-legal-considerations-for-penetration-testing . Accessed 4 July 2023

Harrington D (2022) What is red teaming? Methodology & tools. https://www.varonis.com/blog/red-teaming . Accessed 14 July 2023

Heiding F, Katsikeas S, Lagerström R (2023) Research communities in cyber security vulnerability assessments: a comprehensive literature review. Comput Sci Rev 48:100551

Article   MATH   Google Scholar  

Jaimovich D (2022) What are red team scenarios? Methodology and examples. https://blog.invgate.com/red-team-scenarios-methodology-and-examples . Accessed 7 July 2023

Johansen R (2017) Ethical hacking code of ethics: security, risk & issues. https://panmore.com/ethical-hacking-code-of-ethics-security-risk-issues#:~:text=The%20legal%20risks%20of%20ethical,it%20is%20not%20performed%20properly . Accessed 13 July 2023

Johari R, Kaur I, Tripathi R, Gupta K (2020) Penetration testing in IoT network. In: 2020 5th International Conference on Computing, Communication and Security (ICCCS). IEEE, pp 1–7

Keshri A (2023) Red teaming vs penetration testing—which one to choose & why? https://www.getastra.com/blog/security-audit/red-teaming-vs-penetration-testing/?utm_feeditemid=&utm_device=c&utm_term=&utm_source=google&utm_medium=cpc&utm_campaign=Dynamic+ads+-+Campaign+-+Pentest&hsa_cam=17272935963&hsa_grp=153763431830&hsa_mt=&hsa_src=g&hsa_ad=660848984559&hsa_acc=8352936176&hsa_net=adwords&hsa_kw=&hsa_tgt=dsa-2082491362765&hsa_ver=3&gclid=EAIaIQobChMIttOfx_Hl_wIVFdN3Ch3GUwZ4EAAYASAAEgLrd_D_BwE . Accessed 5 July 2023

Mansfield-Devine S (2018) The best form of defence—the benefits of red teaming. Comput Fraud Secur 2018(10):8–12

Marcinoska-Boulange L (2016) Pentesting of software and intellectual property. https://newtech.law/en/pentesting-of-software-and-intellectual-property/ . Accessed 15 Aug 2023

McKinnel DR, Dargahi T, Dehghantanha A, Choo KKR (2019) A systematic literature review and meta-analysis on artificial intelligence in penetration testing and vulnerability assessment. Comput Electr Eng 75:175–188

Mirjalili M, Nowroozi A, Alidoosti M (2014) A survey on web penetration test. Adv Comput Sci Int J 3(6):107–121

Nagendran K, Adithyan A, Chethana R, Camillus P, Varshini KBS (2019) Web application penetration testing. Int J Innov Technol Explor Eng 8(10):1029–1035

Nagpure S, Kurkure S (2017) Vulnerability assessment and penetration testing of web application. In: 2017 International Conference on Computing, Communication, Control and Automation (ICCUBEA). IEEE, pp 1–6

Nejad FP, Jaksa MB, Kakhi M, McCabe BA (2009) Prediction of pile settlement using artificial neural networks based on standard penetration test data. Comput Geotech 36(7):1125–1133

Olney M (2023) What are the 5 stages of penetration testing? https://insights.integrity360.com/what-are-the-5-stages-of-penetration-testing#:~:text=In%20this%20blog%20we%20look,Assessment%2C%20Exploitation%2C%20and%20Reporting . Accessed 6 July 2023

Perez E, Huang S, Song F, Cai T, Ring R, Aslanides J, Irving G (2022) Red teaming language models with language models. arXiv preprint arXiv:2202.03286

Book   Google Scholar  

Petukhov A, Kozlov D (2008) Detecting security vulnerabilities in web applications using dynamic analysis with penetration testing. In: Computing systems lab, department of computer science. Moscow State University, pp 1–120

Rehberger J (2020) Cybersecurity attacks—red team strategies: a practical guide to building a penetration testing program having homefield advantage. Packt

Scott BF (2020) Red teaming financial crime risks in the banking sector. J Financial Crime 28(1):98–111

Stefinko Y, Piskozub A, Banakh R (2016) Manual and automated penetration testing. Benefits and drawbacks. Modern tendency. In: 2016 13th international conference on modern problems of radio engineering, telecommunications and computer science (TCSET). IEEE, pp 488–491

Tarawneh B (2017) Predicting standard penetration test N‑value from cone penetration test data using artificial neural networks. Geosci Front 8(1):199–204

Article   MathSciNet   Google Scholar  

Teichmann F (2023) Ransomware attacks in the context of generative artificial intelligence—an experimental study. Int Cybersecur Law Rev. https://doi.org/10.1365/s43439-023-00094-x

Teichmann F, Boticiu SR, Sergi BS (2023) Latest technology trends and their cybersecurity implications. Int Cybersecur Law Rev. https://doi.org/10.1365/s43439-023-00091-0

Teichmann F, Boticiu S, Sergi BS (2023) RegTech—Potential benefits and challenges for businesses. Technol Soc 72:102150

Teichmann F, Boticiu SR, Sergi BS (2023) The evolution of ransomware attacks in light of recent cyber threats. How can geopolitical conflicts influence the cyber climate? Int Cybersecur Law Rev. https://doi.org/10.1365/s43439-023-00095-w

Teichmann FMJ, Sergi BS, Wittmann C (2023) The compliance implications of a cyberattack: a distributed denial of service (DDoS) attack explored. Int Cybersecur Law Rev. https://doi.org/10.1365/s43439-023-00090-1

Teichmann FMJ, Wittmann C (2022) When is a law firm liable for a data breach? An exploration into the legal liability of ransomware and cybersecurity. J Financial Crime. https://doi.org/10.1108/JFC-04-2022-0093

Tjoa S, Buttinger C, Holzinger K, Kieseberg P (2020) Penetration testing artificial intelligence. ERCIM News 123:36–37

Visoottiviseth V, Akarasiriwong P, Chaiyasart S, Chotivatunyu S (2017) PENTOS: penetration testing tool for Internet of thing devices. In: TENCON 2017–2017 IEEE Region 10 Conference. IEEE, In, pp 2279–2284

Chapter   Google Scholar  

Walton A (2013) Financial intelligence: Uses and teaching methods (Innovative approaches from subject matter experts). J Strateg Secur 6(3):393–400

Download references

Author information

Authors and affiliations.

Teichmann International (Schweiz) AG, St. Gallen, Switzerland, Dufourstrasse 124, 9000

Fabian M. Teichmann

Teichmann International (Schweiz) AG, St. Gallen, Switzerland, Dufourstrasse 123, 9000

Graduate Research Associate, Teichmann International (Schweiz) AG, Dufourstrasse 124, 9000, St. Gallen, Switzerland

Sonia R. Boticiu

You can also search for this author in PubMed   Google Scholar

Contributions

All authors contributed to the conception and design of the study.

Corresponding author

Correspondence to Sonia R. Boticiu .

Ethics declarations

Conflict of interest.

F.M. Teichmann and S.R. Boticiu declare that they have no competing interests.

Additional information

Publisher’s note.

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Data Availability Statement

The data used to support the findings of this study are included in the article.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Teichmann, F.M., Boticiu, S.R. An overview of the benefits, challenges, and legal aspects of penetration testing and red teaming. Int. Cybersecur. Law Rev. 4 , 387–397 (2023). https://doi.org/10.1365/s43439-023-00100-2

Download citation

Received : 18 July 2023

Accepted : 16 August 2023

Published : 04 September 2023

Issue Date : December 2023

DOI : https://doi.org/10.1365/s43439-023-00100-2

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

• Security assesment
• Cyber-attacks
• Legal aspects
• Ethical aspects
• Find a journal
• Publish with us
• Track your research