A Systematic Review on Penetration Testing
A Comprehensive Literature Review of Penetration Testing & Its Applications
Offensive Security: Towards Proactive Threat Hunting via Adversary Emulation
- Penetration frameworks and development issues in secure mobile application development: a systematic literature review
- An empirical comparison of pen-testing tools for detecting web app vulnerabilities
- The pentest method for business intelligence
- About penetration testing
- Penetration testing: concepts, attack methods, and defense strategies
- Vulnerability assessment & penetration testing as a cyber defence technology
- A methodology for penetration testing
- Two methodologies for physical penetration testing using social engineering

Related papers (5)
- Mathematical analysis of penetration testing and vulnerability countermeasures
- An attack simulator for systematically testing program-based security mechanisms
- Security testing: a survey
- Purity: a planning-based security testing tool
- A case study on web application security testing with tools and manual testing
An overview of the benefits, challenges, and legal aspects of penetration testing and red teaming
Nutzen, Herausforderungen und rechtliche Aspekte von Penetrationstests und Red Teaming – ein Überblick
- Published: 04 September 2023
- Volume 4, pages 387–397 (2023)
- Fabian M. Teichmann ORCID: orcid.org/0000-0001-6543-6401 1, 2 &
- Sonia R. Boticiu ORCID: orcid.org/0000-0003-0883-3608 3
Although red teaming and penetration testing are similar in their end results, it is important for organizations to choose the right assessment for the right purpose, taking into account where the organization is in the security process. This paper examines the process and strategies used in red teaming and penetration testing, along with their benefits and challenges. Furthermore, the legal and ethical aspects of these techniques are highlighted. Thus, the aim of this study is to help organizations choose the best security assessment techniques and tools, to show how penetration testing and red teaming should work together, to provide a better understanding of how to strengthen an organization’s security posture, and hence to identify an avenue for future research.
Al-Ahmad AS, Kahtan H, Hujainah F, Jalab HA (2019) Systematic literature review on penetration testing for mobile cloud computing applications. IEEE Access 7:173524–173540
Altulaihan EA, Alismail A, Frikha M (2023) A survey on web application penetration testing. Electronics 12(5):1229
Al-Ahmad AS, Kahtan H (2019) Fuzz test case generation for penetration testing in mobile cloud computing applications. Intell Comput Optim 1:267–276
Carin L, Cybenko G, Hughes J (2008) Cybersecurity strategies: the queries methodology. Computer 41(8):20–26
Caudill B (2023) GDPR and penetration testing: what you need to know. https://rhinosecuritylabs.com/compliance/gdpr-penetration-testing-need-know/ . Accessed 15 Aug 2023
Chen CK, Zhang ZK, Lee SH, Shieh S (2018) Penetration testing in the iot age. Computer 51(4):82–85
Choo CS, Chua CL, Tay SHV (2007) Automated red teaming: a proposed framework for military application. In: Proceedings of the 9th annual conference on Genetic and evolutionary computation, pp 1936–1942
de La Vallée P, Losifidis G, Mees W (2022) Cyber red teaming: overview of sly, an orchestration tool. Inf Secur 53(2):273–286
Diogenes Y, Ozkaya E (2018) Cybersecurity-attack and defense strategies: Infrastructure security with red team and blue team tactics. Packt
Doğan S, Betin-Can A, Garousi V (2014) Web application testing: a systematic literature review. J Syst Softw 91:174–201
Draeger M (2023) What is red teaming & how it benefits Orgs. https://www.trendmicro.com/en_se/research/23/a/what-is-red-teaming.html . Accessed 11 July 2023
Firch J (2023) Red team VS blue team: what’s the difference? https://purplesec.us/red-team-vs-blue-team-cyber-security/ . Accessed 15 Aug 2023
Ganado M, Cremona K (2023) Red teaming and penetration testing. What’s the difference? https://www.pwc.com/mt/en/publications/technology/red-teaming-and-penetration-testing.html . Accessed 4 July 2023
Ganguli D, Lovitt L, Kernion J, Askell A, Bai Y, Kadavath S, Clark J (2022) Red teaming language models to reduce harms: methods, scaling behaviors, and lessons learned. arXiv preprint arXiv:2209.07858
George AS, Sagayarajan S (2023) Securing cloud application infrastructure: understanding the penetration testing challenges of IaaS, PaaS, and SaaS environments. Partners Univers Int Res J 2(1):24–34
Gillam J (2023) What are the ethical and legal considerations for penetration testing? https://www.secureideas.com/knowledge/what-are-the-ethical-and-legal-considerations-for-penetration-testing . Accessed 4 July 2023
Harrington D (2022) What is red teaming? Methodology & tools. https://www.varonis.com/blog/red-teaming . Accessed 14 July 2023
Heiding F, Katsikeas S, Lagerström R (2023) Research communities in cyber security vulnerability assessments: a comprehensive literature review. Comput Sci Rev 48:100551
Jaimovich D (2022) What are red team scenarios? Methodology and examples. https://blog.invgate.com/red-team-scenarios-methodology-and-examples . Accessed 7 July 2023
Johansen R (2017) Ethical hacking code of ethics: security, risk & issues. https://panmore.com/ethical-hacking-code-of-ethics-security-risk-issues#:~:text=The%20legal%20risks%20of%20ethical,it%20is%20not%20performed%20properly . Accessed 13 July 2023
Johari R, Kaur I, Tripathi R, Gupta K (2020) Penetration testing in IoT network. In: 2020 5th International Conference on Computing, Communication and Security (ICCCS). IEEE, pp 1–7
Keshri A (2023) Red teaming vs penetration testing—which one to choose & why? https://www.getastra.com/blog/security-audit/red-teaming-vs-penetration-testing/?utm_feeditemid=&utm_device=c&utm_term=&utm_source=google&utm_medium=cpc&utm_campaign=Dynamic+ads+-+Campaign+-+Pentest&hsa_cam=17272935963&hsa_grp=153763431830&hsa_mt=&hsa_src=g&hsa_ad=660848984559&hsa_acc=8352936176&hsa_net=adwords&hsa_kw=&hsa_tgt=dsa-2082491362765&hsa_ver=3&gclid=EAIaIQobChMIttOfx_Hl_wIVFdN3Ch3GUwZ4EAAYASAAEgLrd_D_BwE . Accessed 5 July 2023
Mansfield-Devine S (2018) The best form of defence—the benefits of red teaming. Comput Fraud Secur 2018(10):8–12
Marcinoska-Boulange L (2016) Pentesting of software and intellectual property. https://newtech.law/en/pentesting-of-software-and-intellectual-property/ . Accessed 15 Aug 2023
McKinnel DR, Dargahi T, Dehghantanha A, Choo KKR (2019) A systematic literature review and meta-analysis on artificial intelligence in penetration testing and vulnerability assessment. Comput Electr Eng 75:175–188
Mirjalili M, Nowroozi A, Alidoosti M (2014) A survey on web penetration test. Adv Comput Sci Int J 3(6):107–121
Nagendran K, Adithyan A, Chethana R, Camillus P, Varshini KBS (2019) Web application penetration testing. Int J Innov Technol Explor Eng 8(10):1029–1035
Nagpure S, Kurkure S (2017) Vulnerability assessment and penetration testing of web application. In: 2017 International Conference on Computing, Communication, Control and Automation (ICCUBEA). IEEE, pp 1–6
Nejad FP, Jaksa MB, Kakhi M, McCabe BA (2009) Prediction of pile settlement using artificial neural networks based on standard penetration test data. Comput Geotech 36(7):1125–1133
Olney M (2023) What are the 5 stages of penetration testing? https://insights.integrity360.com/what-are-the-5-stages-of-penetration-testing#:~:text=In%20this%20blog%20we%20look,Assessment%2C%20Exploitation%2C%20and%20Reporting . Accessed 6 July 2023
Perez E, Huang S, Song F, Cai T, Ring R, Aslanides J, Irving G (2022) Red teaming language models with language models. arXiv preprint arXiv:2202.03286
Petukhov A, Kozlov D (2008) Detecting security vulnerabilities in web applications using dynamic analysis with penetration testing. In: Computing systems lab, department of computer science. Moscow State University, pp 1–120
Rehberger J (2020) Cybersecurity attacks—red team strategies: a practical guide to building a penetration testing program having homefield advantage. Packt
Scott BF (2020) Red teaming financial crime risks in the banking sector. J Financial Crime 28(1):98–111
Stefinko Y, Piskozub A, Banakh R (2016) Manual and automated penetration testing. Benefits and drawbacks. Modern tendency. In: 2016 13th international conference on modern problems of radio engineering, telecommunications and computer science (TCSET). IEEE, pp 488–491
Tarawneh B (2017) Predicting standard penetration test N‑value from cone penetration test data using artificial neural networks. Geosci Front 8(1):199–204
Teichmann F (2023) Ransomware attacks in the context of generative artificial intelligence—an experimental study. Int Cybersecur Law Rev. https://doi.org/10.1365/s43439-023-00094-x
Teichmann F, Boticiu SR, Sergi BS (2023) Latest technology trends and their cybersecurity implications. Int Cybersecur Law Rev. https://doi.org/10.1365/s43439-023-00091-0
Teichmann F, Boticiu S, Sergi BS (2023) RegTech—Potential benefits and challenges for businesses. Technol Soc 72:102150
Teichmann F, Boticiu SR, Sergi BS (2023) The evolution of ransomware attacks in light of recent cyber threats. How can geopolitical conflicts influence the cyber climate? Int Cybersecur Law Rev. https://doi.org/10.1365/s43439-023-00095-w
Teichmann FMJ, Sergi BS, Wittmann C (2023) The compliance implications of a cyberattack: a distributed denial of service (DDoS) attack explored. Int Cybersecur Law Rev. https://doi.org/10.1365/s43439-023-00090-1
Teichmann FMJ, Wittmann C (2022) When is a law firm liable for a data breach? An exploration into the legal liability of ransomware and cybersecurity. J Financial Crime. https://doi.org/10.1108/JFC-04-2022-0093
Tjoa S, Buttinger C, Holzinger K, Kieseberg P (2020) Penetration testing artificial intelligence. ERCIM News 123:36–37
Visoottiviseth V, Akarasiriwong P, Chaiyasart S, Chotivatunyu S (2017) PENTOS: penetration testing tool for Internet of thing devices. In: TENCON 2017–2017 IEEE Region 10 Conference. IEEE, pp 2279–2284
Walton A (2013) Financial intelligence: Uses and teaching methods (Innovative approaches from subject matter experts). J Strateg Secur 6(3):393–400
Author information
Authors and affiliations.
Teichmann International (Schweiz) AG, St. Gallen, Switzerland, Dufourstrasse 124, 9000
Fabian M. Teichmann
Teichmann International (Schweiz) AG, St. Gallen, Switzerland, Dufourstrasse 123, 9000
Graduate Research Associate, Teichmann International (Schweiz) AG, Dufourstrasse 124, 9000, St. Gallen, Switzerland
Sonia R. Boticiu
Contributions
All authors contributed to the conception and design of the study.
Corresponding author
Correspondence to Sonia R. Boticiu.
Ethics declarations
Conflict of interest.
F.M. Teichmann and S.R. Boticiu declare that they have no competing interests.
Additional information
Publisher’s note.
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Data Availability Statement
The data used to support the findings of this study are included in the article.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Teichmann, F.M., Boticiu, S.R. An overview of the benefits, challenges, and legal aspects of penetration testing and red teaming. Int. Cybersecur. Law Rev. 4, 387–397 (2023). https://doi.org/10.1365/s43439-023-00100-2
Received: 18 July 2023
Accepted: 16 August 2023
Published: 04 September 2023
Issue Date: December 2023
DOI: https://doi.org/10.1365/s43439-023-00100-2
- Security assessment
- Cyber-attacks
- Legal aspects
- Ethical aspects
The PEN testing allows a PEN tester to check the functional aspects of a system that how much a system is vulnerable to the Network security & intrusion attacks & to see its defense mechanisms to counterpart these attacks. In this research paper we have conducted a literature review on the work done by the various researchers in the area of Penetration (PEN) testing. We have tried to review ...
Penetration Testing (pentesting) is the authorized intrusion into digital systems. The outputs provide a list of exploitable vulnerabilities that are present in the system(s), a vulnerability ...
The importance of penetration testing, factors and components considered while conducting a penetration test, a survey of tools and procedures followed, role of penetration test while implementing in the IT governance in an organisation and finally the professional ethics to be possessed by the team involved in penetration test are discussed.
A literature review on the work done by the various researchers in the area of Penetration (PEN) testing in terms of their utility, technical specifications, date of their release, Platform compatibility etc. The PEN testing allows a PEN tester to check the functional aspects of a system that how much a system is vulnerable to the Network security & intrusion attacks & to see its defense ...
A Comprehensive Literature Review of Penetration Testing & Its Applications. January 2019. SSRN Electronic Journal. DOI: 10.2139/ssrn.3470687. Authors: Prashant Vats. Manipal University Jaipur ...
This study provided a comprehensive review of 39 studies that address network penetration testing and open ports that need to be considered to prevent attacks. ... B.R. Automated versus manual approach of web application penetration testing. In Proceedings of the IEEE 2020 11th International Conference on Computing, Communication and ...
The fundamental concept of penetration testing, its lifecycle, ... This paper performs a comprehensive literature review of widely used penetration frameworks, standards, tools, and vulnerability scoring systems. ... An enterprise may want to check only the network vulnerability rather than web applications or databases, and the pen tester ...
This article aims to provide a comprehensive review of penetration testing approaches and tools used for web applications and to analyze the previous literature in this area and determine the advantages and limitations of each solution proposed. ... Review and analyze the literature on web penetration testing and its associated methods ...
The PEN testing permits a tester to verify the nonfunctional as well as functional aspects of a model in such a way that it can judge that how much a target is vulnerable to the intrusion attacks as well as security. It also helps to check its defense mechanisms in case any of the attack occurs. In this research paper review on the work proposed by the various researchers in the area of ...
A Comprehensive Literature Review of Artificial Intelligent Practices in the Field of Penetration Testing ... De Benedictis A, Rak M, Villano U (2018) Towards automated penetration testing for cloud applications. In: 2018 IEEE 27th international conference on enabling technologies: infrastructure for collaborative enterprises (WETICE). IEEE, pp ...
Network penetration testing is a type of security assessment used to find risk areas and vulnerabilities that threaten the security of a network. Thus, network penetration testing is designed ...
Vats, P., Mandot, M., & Gosain, A. (2020). A Comprehensive Literature Review of Penetration Testing & Its Applications. 2020 8th International Conference on ...
The purpose of the study by P. Shi et al. [20] was to introduce a penetration testing framework for large networks based on network fingerprinting to address the limitations of traditional penetration testing in large networks. Two techniques were discussed, namely network fingerprinting and cyberspace search engine.
It is recommended that researchers in this field focus on automated network penetration testing, which will train machine learning models to detect a wide range of vulnerabilities in order to find solutions to mitigate the risks in a short amount of time rather than through manual WLAN penetration testing, which consumes a lot of time. Given the widespread use of the internet at the individual ...
Many studies in the literature target a specific subset of penetration tests and vulnerability assessments, such as penetration tests based on Internet of Things (IoT) devices [6, 21, 44], penetration testing of cloud computing applications [1, 3], and web-based penetration testing [2, 27, 28, 32]. Other studies address a synergy between penetration testing and artificial intelligence and how ...
offloading, and has numerous advantages and increased security and complexity. Penetration testing of mobile applications has become more complex and expensive due to several parameters, such ...
This paper has systematically reviewed previous penetration testing models and techniques based on the requirements in Kitchenham's SLR guidelines to provide a comprehensive systematic literature review of the MCC, security and penetration testing domains and to establish the requirements for penetration testing of MCC applications.
Five web application penetration testing tools were presented, namely Astra's Pentest, NMAP, Wireshark, Metasploit, and Burp Suite. It explains the types, phases, and tools of web penetration testing. There is not enough discussion about the tools and how to select the optimal one.
A Comprehensive Literature Review of Penetration Testing & Its Applications. Prashant Vats Manju Mandot A. Gosain. Computer Science. 2020 8th International Conference on Reliability… 2020; TLDR. A literature review on the work done by the various researchers in the area of Penetration ...
The authors of conducted a comprehensive literature review of pen-testing and its applications. The study reviewed the work conducted in the field of pen-testing. ... A Comprehensive Literature Review of Penetration Testing & Its Applications. In Proceedings of the 2020 8th International Conference on Reliability, Infocom Technologies and ...