Submitted Proposals

DEI - FCTUC
Generated on 2025-07-07 02:17:34 (Europe/Lisbon).

Internship Title

Continuous, automated and certification-aware penetration testing

Internship Location

DEI-FCTUC

Background

Penetration testing (PenTest) is a demanding activity that requires significant effort, meticulous attention to detail, and specialized expertise. Due to its complexity, penetration testing is typically conducted within a specific context or as part of a compliance process (e.g., ISO 27001 certification).

The process begins with defining the scope of the test, which involves identifying the assets to be evaluated—such as a particular service, an API, or a database. The organization requesting the PenTest is responsible for providing essential information, including the motivation for the assessment (such as compliance or certification requirements) and the precise scope of the engagement.

Accurately identifying assets is a challenging task. Even skilled attackers invest considerable time and effort during reconnaissance to map out a target system’s attack surface. Key questions must be addressed: Which services are running? What protocols are in use? What authentication mechanisms are supported? Thorough answers to these questions are crucial for effective asset identification and, ultimately, for a successful penetration test.

Objective

Goal 1: Systematize Asset Identification for Penetration Testing
This goal focuses on creating a standardized framework to streamline asset discovery. Key components include:
1. Methodology for Mapping Information Flows: Identify and document data interactions between NIS2 Directive-defined “important” and “essential” entities.
2. Dynamic Asset Discovery Process: Develop a repeatable, low-variance workflow for uncovering assets, ensuring consistency across periodic assessments.

Goal 2: Automate Penetration Testing for REST APIs Using Generative AI
This goal aims to reduce manual effort and enhance efficiency in API security testing. Key components include:
1. Attack Surface Reduction: Minimize human intervention in identifying exploitable entry points for REST API-based services/applications.
2. Intelligent Testing Automation: Implement generative AI to design adaptive payload scans and fuzz-testing protocols tailored to REST API endpoints.

Work Plan - Semester 1

T1.1 – Survey of Penetration Testing Methodologies and Tools
Conduct a comprehensive review of existing methodologies and tools used in penetration testing.

T1.2 – Analysis of Large Language Models (LLMs)
Evaluate the capabilities and limitations of large language models relevant to security automation.

T1.3 – Use Case Definition and Security Standards Compliance
Define practical use cases and identify applicable security standards for compliance (e.g., ISO 27001).

T1.4 – Design of LLM-Driven Asset Identification Automation
Develop the process for automating asset identification using large language models.

T1.5 – Preliminary Design of LLM-Based Penetration Testing Automation
Create an initial framework for automating penetration testing activities through LLMs.

T1.6 – Preparation of the Interim Report
Compile findings and progress into an intermediary report.

Work Plan - Semester 2

T2.1 – Implementation of Automated Asset Identification
Deploy the LLM-driven automation process for asset identification as outlined in T1.4.

T2.2 – Final Design of Automated Penetration Testing
Complete the framework for automating penetration testing activities using large language models (LLMs).

T2.3 – Evaluation of LLM Models for Penetration Testing
Assess the performance and reliability of selected large language models in automated security testing scenarios.

T2.4 – Final Report and Scientific Publication
Synthesize results into a comprehensive final report and prepare a research paper for peer-reviewed publication.

Conditions

The student will have access to all the computational resources necessary to carry out the work. A workspace at CISUC (Centre for Informatics and Systems of the University of Coimbra) will also be made available. Evaluation through simulation may be carried out using the computational resources available in the department.

Remarks

Supervised by:
- Bruno Sousa
- João Campos
- Nuno Seixas

The work is in the scope of the CSLab activities.

Supervisor

Bruno Sousa
bmsousa@dei.uc.pt