Method and Means for Choice of Penetration Testing Services

Abstract

The methods of assessing the security of information systems (IS) with the help of special means of penetration testing (PT) and services that provide the corresponding tools (Penetration Testing as a Service, PTaaS) are analyzed. The indicators to compare PTaaS tools and services are substantiated, namely: provision of a report on compliance of the tested product with data protection requirements, availability of security certificates, use of appropriate testing methodologies, etc. A method has been developed for selecting a PTaaS service according to the customer’s requirements to increase IS cyber security by improving the completeness and reliability of penetration testing, as well as reducing the search time for PT tools. A cloud service is proposed that supports the implementation of the method and provides the option of choosing PTaaS. It was determined that the use of the proposed method and service enables users to quickly and conveniently choose PTaaS according to the requirements and work model of organizations or digital products.