Security

RUST: The Reusable Security Toolkit

Download Now Free registration required

Executive Summary

Testing an anti-phishing technology is time-consuming. One must build real and spoofed websites that employ the technology, carefully devise a test scenario, recruit subjects, run sessions, administer questionnaires, evaluate behavior, analyze collected data, etc. Certain aspects of this process are irreducible. To test a technology, for example, it has to be running somewhere. Other aspects, though, are more amenable to automation. In particular, a user's actual click-through behavior can be captured by various mechanisms including modifying the browser or mailer, modifying the web server or scripts, or log file analysis. Still, these can be difficult to prepare as well, if any new anti-phishing technology requires custom software to do the monitoring or analysis.

  • Format: PDF
  • Size: 110 KB