ANALYSIS AND COMPARATIVE RESEARCH OF THE MAIN APPROACHES TO THE MATHEMATICAL FORMALIZATION OF THE PENETRATION TESTING PROCESS

2021 
In dynamic models, threats (vulnerabilities) can be viewed as a flow of events in time. If the intervals of realized cyber threats are recorded, a continuous log of events related to software security can be formed. In some cases and models, only the number of realized cyber threats in an arbitrary time interval can be recorded; the software response to threats can then be represented only at discrete points. In static models, the realization of cyber threats is not related to time; instead, the models take into account the dependence of the number of errors or the number of implemented test cases (models by error area) on the characteristics of the input data (models by data area).

The article analyzes methods for the mathematical formalization of the software penetration testing process. Penetration testing is one of many approaches to testing the security of computer systems. The article substantiates the importance of preliminary prototyping and mathematical formalization. It classifies the main approaches to mathematical modeling and highlights their advantages and disadvantages. The list and main characteristics of dynamic and static models are presented. One negative factor of formalization is identified: the neglect of a priori uncertainty in the safety parameters in static models.