A Framework For Penetration Testing
Introduction
In today's era, where technology is a way of life and our day-to-day activities are handled with software and the
Internet of Things (IoT), security has become a major issue. Technologies are vulnerable to threats that are
exploited all the time; even when software is upgraded, new vulnerabilities are always being discovered. That is
where penetration testing comes from: if we cannot avoid attackers, let us think like them and protect the system.
Penetration testing is ethically hacking an application, from a hacker's perspective, in order to avoid weaknesses
and vulnerabilities within the system. Although there are many kinds of tools, guidelines and checklists, their
application is weak, especially in Ethiopia, where technology is at a growing stage. Security is being neglected
among software developers, which is resulting in a loss in software functionality and compatibility. That is why
this research proposes a framework that will align penetration testing stages with the software development life cycle.
In the software development life cycle, emphasis is given to functional requirement testing, and security is
tested when the software product is in the evaluation stage. This approach leaves the software product
vulnerable to potential attacks and threats. Even though there is research that addresses this problem, its
application in the software development life cycle is not critical. That is why this research proposes a
simplified end-to-end alignment of penetration testing stages with the software development life
cycle.
Research question
What are the current trends, tools, techniques and guidelines used in selected software development companies to
consider or address security requirements for their software products?
The research question will be raised in both specific quantitative and qualitative research sub-questions.
General objective
Specific objective
Methodology
A mixed-method design, which is a procedure for collecting, analyzing and mixing both quantitative
and qualitative data, will be conducted in order to analyze the problem. Using both approaches will
allow the research to have a complete analysis and to draw a precise conclusion. In addition, an extensive
literature review, case study, scenario-based analysis and simulations will be used to give the research
a tangible and diversified view of the research problem.
The research will only focus on the analysis of penetration testing. It does not typically focus on other
security attributes.
The research will only focus on software development stages of requirement, design, implementation,
verification and deployment. It does not include other development stages such as evaluation.