International Journal of Trend in Scientific Research and Development (IJTSRD)

Volume 5 Issue 4, May-June 2021 Available Online: www.ijtsrd.com e-ISSN: 2456 – 6470

Systematic Review: Automation in Cyber Security

Nitin1, Dr. Lakshmi J. V. N2
1MCA Computer Science Department, 2Associate Professor, MCA Computer Science Department,
1,2Jain (Deemed-to-be) University, Bengaluru, Karnataka, India

ABSTRACT How to cite this paper: Nitin | Dr.

Many aspects of cyber security are carried by automation systems and service Lakshmi J. V. N "Systematic Review:
applications. The initial steps of cyber chain mainly focus on different Automation in Cyber
automation tools with almost same task objective. Automation operations are Security" Published
carried only after detail study on particular task (pre-engagement phase), the in International
tool is going to perform, measurement of dataset handling of tool produced Journal of Trend in
output. The algorithm is going to make use of after comparing the existing Scientific Research
tools efficiency, the throughput time, output format for reusable input and and Development
mainly the resource’s consumption. In this paper we are going to study the (ijtsrd), ISSN: 2456- IJTSRD41315
existing methodology in application and system pen testing, automation tool’s 6470, Volume-5 |
efficiency over growing technology and their behaviour study on unintended Issue-4, June 2021, pp.388-391, URL:
platform assignment. www.ijtsrd.com/papers/ijtsrd41315.pdf

KEYWORDS: Pentesting, Automation, Cyber chain, Vulnerabilities, 0day Copyright © 2021 by author(s) and
International Journal of Trend in Scientific
Research and Development Journal. This
is an Open Access article distributed
under the terms of
the Creative
Commons Attribution
License (CC BY 4.0)
(http://creativecommons.org/licenses/by/4.0)

INTRODUCTION Necessity and Pentesting the Internal and External

As the population of internet devices exponentially grows Assets, Services
without limits, respective regulatory bodies need a control Testing the consistency of the system or service is a must in
with data being handled by whom, what, how and where. growing technological population and which at the end the
And it completely depends the service provider, but still the user is looking for the unique way or the secured way of
SP(service providers) irrespective of hardware or software interfacing each other. And this can be achieved by the
need to agree with the rules and regulations introduced and continuous testing methodology and improvement to its
applied by government data protection authorities. The idea efficiency, this is the key to hold a big part of market. The
behind automation in Cyber security is, increasing the automated testing tools covers the known vulnerability
efficiency and time saving. Most of the static based task are scanning scope which helps in saving time and man power.
carried out by the service application itself, but here the
Need of pentesting in all organization irrespective of
explicit detection and prevention softwares takeover the
business scale:
static tasks like previously discovered contents, and later the
A) Protecting the internal confidential data. B) Protecting the
systems keeps the records of it and starts comparing to the
user shared data for service usage. B) Protecting the systems
realtime service application operations. For dynamic tasks
that gets the service running. These are the main categories
or completely new events some more level of human
where every organization need to invest in to get the
interaction is needed for decision making on particular event
business running in the competitive market. The
or some intelligence system that has more accuracy rate
subcategories will be organizational assets as well as owned
compare to usual detection and precaution based softwares.
external assets like the user data.
Testing the compatibility of the tools with new concepts and
Pentesting Internal Assets: Intra-network, connected
algorithms, leading to some level of testing operation
systems and networking devices, database hosting systems,
improvement. Knowing the different pentesting phases, and
computational servers, authentication management server
understanding on how to create a tool that automates the
and softwares that handle the work flow or operation
static and dynamic operations. Every phase has a tool that
management systems. These devices need to be tested their
helps in pentesting life cycle, understanding the importance
performance in uncomfortable zone to see the its efficiency
of documentation on every phase and report generation by
and output it generates. The pentesting operation is carried
specific tools. The known vulnerability can be blacklisted on
out by the internal VAPT (Vulnerability Assessment and
the application or system by the service provider, using this
Pentration Testing) team if the organization has the budget
set of prevention data, the preventative software or system
according to their business objective. Every organization in
can learn and can be used on the future for 0day
global scale has an internal VAPT team apart from third
vulnerabilities mitigation.
party service provider, the team must be skillful to test the

@ IJTSRD | Unique Paper ID – IJTSRD41315 | Volume – 5 | Issue – 4 | May-June 2021 Page 388
 International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470
assets, services and be on the same level as service provider any project is under high prioritization of security
in testing skill to check integrity of services the third party is precautions, and this can be achieved with greater
offering, it might be a software irrespective of platform, experience in specified operation development as well as in
network, common interface platforms for both employees as development model like Water Fall model, Iterative model,
well customers. Mainly the internal team handles the day to Spiral model, Agile model etc. The complexity resides on the
day tasks like SOC, NOC etc. And these operations cannot network level, the complexity is must and it should be
easily be handover to third party due to cost matter and completely comprehensible to internal team, like virtual sub-
confidential operations period[1][9][10]. The first responder networks, and their behaviour with preset of ACL(Access
of any internal cause of threat would be internal VAPT team. Control List). And this all depends on the network
The internal assets pentesting operations may get easier if architecture efficiency, impact isolation strategy
the development practices throughout the deployment of implementation in software and hardware parts[3].

Fig 1.1 Generic Testing and Model Training Life Cycle Flow Chart
The necessity of internal pentesting to protect the internal data flow and privileged systems, and the intra-network is the one
that challenges the attacker, how far the attack can be carried out. If the impact on the hosted services is leading and effecting
to internal operation and architecture, that means the organization intra-network is not robust in nature. Sometimes the attack
would not necessarily be initiated from outside the network, the organizational employee could use it for sabotaging the
organization. The nodes under the intra-network has to be secured, before any attacker makes use of existing vulnerabilities on
the nodes. It is also important to know how well the prevention systems works at worst situation like cyber attacks.
Pentesting Externally hosted services: This is the public exposed assets, that needs more attention with constant support, in
short maintaining the consistency of any hosted services can reduce the impact and future loss. The services could be
standalone software, internet services like web applications, mobile applications, IoT devices, hardware equipments or
subscription based services etc. Every single services has a separate set of standards for pentesting methodologies and
frameworks.
For web application pentesting standard methodology could be initial reconnaissance and OSINT(Open source Intelligence
Gathering), threat modelling, vulnerability analysis, initial exploitation, post exploitation, and finally vulnerability assessment,
report writing and auditing[4]. The methodology completely depends on the team or organization specific, and can design their
own frameworks for set of service’s pentesting. IoT pentesing general methodology includes isolation testing technique, later
begins with communication protocols usage and testing its consistency, testing environmental interaction with other connected
components to complete the task, testing its functionality using bottom-up or top to bottom approach, its hardware and
firmware reconnaissance and testing, centralized management device or system testing[5]. The hardware equipment
pentesting methodology is almost same as IoT device testing but with wider scope. The tools that are used throughout the
process is completely depends on the organization choice, hired third party standard methodological based tools.
Generic Methodology And Existing System’s Workflow
The workflow represents complete procedure that needs to fulfill all the pentesting and specific organization requirements.
First the internal team is the only source for complete pentesting operations, secondly hiring a third party penetration testing
team as a service. The higher authority and defined standards for SDLC inside the organization highly depends on the
penetration testing plans with proper budget like when and how. The pentesting operation could take place on every month at
lower scope, quarterly or yearly. The how defines the techniques, methodologies and standard frameworks and this lead to
choosing an efficient tool matching the preset of criteria[6].

@ IJTSRD | Unique Paper ID – IJTSRD41315 | Volume – 5 | Issue – 4 | May-June 2021 Page 389
 International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470

Fig 2.1 Generic Penetration Testing Phases

To begin with pentesting an asset irrespective of type Benefit of Task Automation in Routine Security
based(period), it is must to acquire the legal grant from asset Operations
owner and non disclosure agreement, before starting the Pentesting automation tools play vital role in day to day
decision making process on type of methodology or operations independent of organizational scale and target
framework going to be used. Testing any assets fall under scope. Tools are designed in reducing the user interaction
these categories, white box, grey box and black box testing. after initiation with input. Below mentioned advantages are
White box testing include complete knowledge about considered from both static and dynamic automation
internal structure and its mostly be performed by the systems or tools.
internal VAPT team, and other testing includes little or no
Faster: Compare to manual pentesting the automated tools
internal knowledge about the internal network and
can able to surpass the speed of testing the targeted
architecture of the asset and these testing is mostly be
application with commonly known exploitation techniques.
performed by the third party pentesting team. Every team
The tools which uses dynamic learning methodology, may
follows above phases, and set of tools is must to note before
take slightly more time compare to static, and the
usage on the assets. Every phase has at-least one tool that
performance also depends efficient re-enforcement
automates the part of the process; information gathering
algorithm and the target asset scope.
about the assets, finding the injectable end-points and even
makes more comprehensive about the assets behaviour Scope coverage: If the scope of testing application or system
dynamically. The manual testing is needed where the is large, the automated testing tools are able to cover all
efficiency and accuracy of the tool lacks behind. known tests, which a person might miss some part, module
or features, this leading to cover and focus more on
Automated pentesting tools mostly work on the basis of
discovering new vulnerabilities.
static data format, either the result is exploitable or not,
sometimes false positive. To overcome this problem, new Consistency: The tools are able to update and upgrade the
and highly capable intelligence is being added like machine testing techniques to keep up with new attack and payloads.
learning, AI leading to re-enforcement learning module[7] New technologies are being developed and integrated into
which is capable of performing the task dynamically. The the existing systems or softwares, and it increases the scope
rate of false positive decrease as the dataset input to the and time on improving the dynamic testing systems with
system is relevant and up to date. One automation tool in new datasets. Consistency depends on how well the accuracy
both offensive and defensive security management depends and efficiency improves with every new tests.
on the other micro based tools. The tool is designed to find
Robust in Nature: Machine learning and AI based automation
the already specified vulnerable end point and try to inject
systems are robust in pentesting tasks. With trained
the payload which is generated based on specific type of
intelligence system testing module would able to discovery
vulnerability or the new way of updating the tool is pushing
new vulnerabilities like using Dijkstra algorithm etc[2].
the new trend exploits as a module to the tool, same way as
security patch to the system but here as a newly found Saves Time and Cost: Main purpose of including and usage of
exploit with payload. And is not a dynamic way of pentesting automation tools or systems is to save the test result
any assets. Tool only works on dataset, payload, injectable generation time and cost. Investing in manual pentesting job
end-points or form fields, or by checking the service or is going to cost more but it is necessary to conduct a manual
exploitable software version, attack takes place according to pentesting operations atleast once in a year. Manual
provided module based procedure with crafted payload. The pentesting over automation will lead to increasing the
most of re-enforcement learning based systems or tools are organization budget.
usually not open sourced[7] and it is not a good practice to
Less User Interaction: The tools need very less user
completely depend on free tools cause, maintenance and its
interactions over specific tasks or no interactions at all. The
consistency is not guaranteed by the developer[8]. Mainly
manual pentesting requires user interaction on all stages
the micro or open source tools are not tested in all
while reconnaissance, scanning and information gathering,
environments or situations. In defensive security operations,
attacking phase, remediation and report generating phase.
the person cannot handle the huge inspection of every
The automation tools are designed in such a way that, the
operations on internal network or hosted service behaviour,
user does not need to discover, attack and write the report at
the automated inspection and preventative tools plays the
the end of test every time.
middle role of alerting any suspicious activity to privileged
users, this leading to many advantage.

@ IJTSRD | Unique Paper ID – IJTSRD41315 | Volume – 5 | Issue – 4 | May-June 2021 Page 390
 International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470
Report Generating: Almost all the open source and paid discoveries. Automated testing tool’s main scope should be
automation tools generate a complete scanning, fetched discovery the 0day loop holes.
information, discovered vulnerabilities and their severity
Reference
level, impact area and final recommended fixes after test in
[1] A. V. Erisa Karafili, "Automatic Firewalls’
reusable format as well as for report documentation.
Configuration Using Argumentation Reasoning,
In defensive approach, more than half of the tasks are "Springer, Cham, p. 15, 2020.
carried out by the automation systems or software; network
[2] J. Hoffmann, "Simulated Penetration Testing: From
and security operation centre. The system looks for
“Dijkstra” To “Turing Test++”,"ICAPS, p. 25, Apr 2015.
malicious patterns in data and control flow based on pattern
matching algorithm[10][11], system even tries to prevent it [3] G. S. J. H. M. S. Dorin Shmaryahu, "Simulated
from completing the task but with all under human Penetration Testing As Contingent Planning," ICAPS,
supervision. The pattern matching system generates alert on p. 28, Jun 2018.
the basis of percentage of impact is going make on any part
[4] F. U. R. J. A. D. M. R. Insha Altaf, "Vulnerability
of asset in the organization. The alert contains detail report
Assessment And Patching Management,
on specific application behaviour on which the pattern
"International Conference On Soft Computing
recognized, severity level, description of the attack or
Techniques And Implementations (ICSCTI -IEEE), p. 5,
malicious task, all resources utilization and some level of
Oct 2015.
recommendation to mitigate the continuation of the
malicious task. [5] J. A. R. K. Archibald, "Refining The Pointer “Human
Firewall” Pentesting Framework," Emerald Publishing
Conclusion and Future Scope
Limited, p. 27, Sept 2019.
There’s no control on restricting the growing technology and
number of devices on the internet, billions of devices gets [6] N. Samant, "Automated Penetration Testing," San Jose
added to internet every year. Developers, manufacturers and State University, 2011.
service owners does not perform proper testing phase, this
[7] Stefan Niculae, Daniel Dichiu, Kaifeng Yang, Thomas
leading to creating new continuous maintenance
Back, "Automating Penetration Testing Using
department. The application, service or software system gets
Reinforcement Learning.," Experimental Research
encountered on unsettled or completely new environment,
Unit Bitdefender & Natural Computing Group, Leiden
this causes new issues on the overall application behaviour,
Institute Of Advanced Computer Science., p. 13, 2015-
finally leading to organizational loss or losing user trust. The
2020.
automated testing and monitoring tools work to mitigate any
future impact before any attacker discovers and leverages [8] A. L. S. O. L. J. G. V. Esteban Alejandro Armas Vega,
the vulnerability. It is important to maintain the tool "Benchmarking Of Pentesting Tools," International
consistency and reliability on highest priority. Mainly the Journal Of Computer And Information Engineering, p.
algorithms in dynamic testing systems should get improved 4, 2017.
on accuracy, resource consumption should be decreased
leading to less load on performance and get faster result on [9] Matt Willems , "What Soc Automation Tools Can Do
every test. This can be achieved by properly testing the For Your Team," 28 Sep 2020. [Online]. Available:
overall performance at different environment and dataset Https://Logrhythm.Com/Blog/What-Automation-
before making it public. Can-Do-For-Your-Soc/.

Automated testing systems should mainly focus on other [10] P. N. Martti Lehto, Cyber Security: Analytics,
technology integration and working with different datasets. Technology and Automation, Springer, Cham, 2015.
Systems efficiency is measured by improvements in its [11] M. S. V. K. B. Vibha Gupta, "Analysis Of Pattern
performance. This can be achieved by leveraging the neural Matching Algorithms In Network Intrusion Detection
network and deep learning algorithms with proper module Systems," International Conference On Advances In
implementation, and focusing and feeding manual pentesting Computing, Communication, & Automation (Icacca) -
methodology to the system. More accurate algorithms IEEE, p. 5, Oct 2016.
decreases the false positive alerts and vulnerability

@ IJTSRD | Unique Paper ID – IJTSRD41315 | Volume – 5 | Issue – 4 | May-June 2021 Page 391