Even Hackers Deserve Usability: An Expert Evaluation of Penetration Testing Tools
Michael Bingham, Adam Skillen, and Anil Somayaji
Penetration testing is a necessary task to prevent or mitigate network intrusion. System administrators often use various penetration testing tools to aid in testing their networks; systems administrators, however, often do not have significant security expertise. It is thus important that penetration testing tools be usable by non-security experts. Here we examine the extent to which two commonly used penetration testing tools, Nessus and Metasploit, are usable by non-experts using a heuristic walkthrough. We identify pitfalls in user interface design, software configuration, and user notification which may hamper a non-security expert’s ability to use such tools effectively. We propose user interface improvements to address issues identified by our evaluation. We also report on the efficacy of the domain-specific heuristics we selected for penetration testing usability.
See the ASIA '14 Proceedings for the complete paper...