A Cyclical Penetration Testing Automation Methodology: The JetRacer Case Study

The integration of IT systems into daily life has become indispensable, with the Internet of Things (IoT) playing a crucial role in optimizing operations across different domains. Autonomous AI racecars, such as JetRacer, exemplify the innovative applications of IoT and AI technologies in automotive systems, driving advancements in these fields. However, the widespread adoption of IoT systems has heightened security concerns due to their limited resources and the inadequate security focus during their design. Penetration testing, a critical approach to identify and document security gaps, is often time-intensive, complex, and costly. To overcome these challenges, we propose an automated solution that simplifies penetration testing processes. Our approach utilizes a graph-based model to automatically generate penetration test plans. This paper incorporates automated execution of tests and dynamic updates to the model, based on test outcomes, ensuring a cyclic process. The methodology, fully implemented by a dedicated tool, has been applied in the context of autonomous racecars (i.e. JetRacer), with a step-by-step case study for cyclic penetration test.