Penetration testing is one of the most effective active methods of reducing the risk of system compromise by exploiting vulnerabilities in its software components. In Ukraine, the concept of “penetration testing” is defined as the search for and identification of potential vulnerabilities in information (automated), electronic communication, information and communication systems, and electronic communication networks. At the current stage of development of the practice of searching for and identifying system vulnerabilities (cyber protection objects), this process is based on the participation of a penetration testing specialist. Above all, he is responsible for the correct identification (proving the existence) of system vulnerabilities (cyber protection objects) based on the use of modern international experience for carrying out such activities. We propose to consider setting a scientific task to develop a methodological framework for selecting strategies for the penetration testing process. Based on the use of the proposed methodological apparatus, the task of searching for and detecting vulnerabilities in a system (cyber protection object) in a minimum (acceptable) amount of time has been formulated, subject to acceptable (minimum) resource costs and a defined probability of correctly detecting vulnera The main provisions of the developed methodological apparatus for solving penetration testing tasks are published: a semantic network of structural-causal relationships between tasks for achieving tactical goals (tactics); justification based on the application of The Cyber Kill Chain, The Unified Kill Chain, Ethical Hacking Methodology, ATT interpretation in the context of a logical-psychological decision-making scheme; an oriented graph of a specialist's action scheme; a model for forming a set of alternative strategies. A meaningful method of a specialist's strategy for testing the penetration of a Server-Side Web Application system (cyber protection object) is provided, in the process of which the tactical goal (tactics) of Initial Access is achieved based on solving the Exploit Public-Facing Application task.bilities in the system (cyber protection object).
Husainov et al. (Wed,) studied this question.