US 12,287,882 B2
Framework for automated penetration testing
Rohini Sulatycki, Lake Worth, FL (US); and Vladimir Wolstencroft, New York, NY (US)
Assigned to Twilio Inc., San Francisco, CA (US)
Filed by Twilio Inc., San Francisco, CA (US)
Filed on May 13, 2021, as Appl. No. 17/302,828.
Claims priority of provisional application 63/025,437, filed on May 15, 2020.
Prior Publication US 2021/0357507 A1, Nov. 18, 2021
Int. Cl. G06F 21/57 (2013.01); G06F 9/54 (2006.01); H04L 9/40 (2022.01)
CPC G06F 21/577 (2013.01) [G06F 9/541 (2013.01); H04L 63/1433 (2013.01); G06F 2221/034 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A computer-implemented method comprising:
receiving, by a penetration manager having one or more processors, a request to perform a penetration test, the request comprising an attack tree according to which the requested penetration test is to be performed, the attack tree in the received request having a tree structure with nodes that each represent a corresponding attack;
performing, by the penetration manager, attacks on a target device based on the attack tree in the received request to perform the penetration test, wherein results of a first attack that corresponds to a first node of the attack tree are passed to a next-level attack that corresponds to a next-level node of the attack tree until a final attack that corresponds to a final node of the attack tree is performed; and
determining, by the penetration manager, that the penetration test is successful based on successfully executing the final attack that corresponds to the final node.