US 11,720,685 B2
One-touch mobile penetration testing platform
John Gwilliams, Dhahran (SA)
Assigned to Saudi Arabian Oil Company, Dhahran (SA)
Filed by Saudi Arabian Oil Company, Dhahran (SA)
Filed on Feb. 20, 2019, as Appl. No. 16/280,722.
Prior Publication US 2020/0265144 A1, Aug. 20, 2020
Int. Cl. G06F 21/57 (2013.01); G06F 11/36 (2006.01); H04L 67/025 (2022.01)
CPC G06F 21/577 (2013.01) [G06F 11/3684 (2013.01); G06F 11/3688 (2013.01); G06F 11/3692 (2013.01); H04L 67/025 (2013.01); G06F 2221/033 (2013.01)]
20 Claims
1. A penetration testing device comprising:
a memory; and
a processor that is arranged to perform operations including:
determining availability of one or more penetrating testing resources for conducting a penetration test;
determining, based on the availability, a mode of operation for the penetration testing device from one of a headless mode and a remote mode;
if the determined mode of operation is the headless mode:
determining a penetration test script customized for a target application;
in response to receiving an instruction to perform an autonomous penetration test, executing the penetration test script to perform the autonomous penetration test on the target application;
based on results of the autonomous penetration test, compiling data indicative of security vulnerabilities in the target application; and
storing the compiled data in the memory; and
if the determined mode of operation is the remote mode:
establishing a secure connection between the penetration testing device and a remote computing device;
receiving from the remote computing device instructions for performing a remote penetration test on the target application;
performing the remote penetration test instructions to determine the security vulnerabilities of the target application; and
providing the remote computing device with a compilation of the security vulnerabilities,
wherein determining the mode of operation based on the availability comprises:
in response to determining the one or more penetrating testing resources are available, determining that the mode of operation is the remote mode; and
in response to determining the one or more penetrating testing resources are not available, determining that the mode of operation is the headless mode.