A Survey on Ethical Hacking: Issues and Challenges

by   Jean-Paul A. Yaacoub, et al.

Security attacks are growing in an exponential manner and their impact on existing systems is seriously high and can lead to dangerous consequences. However, in order to reduce the effect of these attacks, penetration tests are highly required, and can be considered as a suitable solution for this task. Therefore, the main focus of this paper is to explain the technical and non-technical steps of penetration tests. The objective of penetration tests is to make existing systems and their corresponding data more secure, efficient and resilient. In other terms, pen testing is a simulated attack with the goal of identifying any exploitable vulnerability or/and a security gap. In fact, any identified exploitable vulnerability will be used to conduct attacks on systems, devices, or personnel. This growing problem should be solved and mitigated to reach better resistance against these attacks. Moreover, the advantages and limitations of penetration tests are also listed. The main issue of penetration tests that it is efficient to detect known vulnerabilities. Therefore, in order to resist unknown vulnerabilities, a new kind of modern penetration tests is required, in addition to reinforcing the use of shadows honeypots. This can also be done by reinforcing the anomaly detection of intrusion detection/prevention system. In fact, security is increased by designing an efficient cooperation between the different security elements and penetration tests.


page 8

page 25


Automatic firewall rules generator for anomaly detection systems with Apriori algorithm

Network intrusion detection systems have become a crucial issue for comp...

Machine Learning Based Network Vulnerability Analysis of Industrial Internet of Things

It is critical to secure the Industrial Internet of Things (IIoT) device...

Attack Potential in Impact and Complexity

Vulnerability exploitation is reportedly one of the main attack vectors ...

An Anomaly-based Multi-class Classifier for Network Intrusion Detection

Network intrusion detection systems (NIDS) are one of several solutions ...

Towards a Privacy-preserving Deep Learning-based Network Intrusion Detection in Data Distribution Services

Data Distribution Service (DDS) is an innovative approach towards commun...

Automatic detection of access control vulnerabilities via API specification processing

Objective. Insecure Direct Object Reference (IDOR) or Broken Object Leve...

You have been warned: Abusing 5G's Warning and Emergency Systems

The Public Warning System (PWS) is an essential part of cellular network...