International Business Machines Corporation
Automatic penetration testing enablement of regression buckets

Abstract:

A computer-implemented method for generating penetration tests automatically includes parsing an existing system test case, and identifying a particular program call in the system test case. The particular program call can require a particular data access authorization. The method further includes, in response to the system test case including the particular program call, generating a penetration test using a predetermined attack vector. The method further includes executing the penetration test and detecting an unauthorized access being performed during the penetration test. Further, the method includes responsively, sending a notification that identifies the particular program call.