The simulated security assessment ecosystem: Does penetration testing need standardisation?

نویسندگان

  • William Knowles
  • Alistair Baron
  • Tim McGarr
چکیده

Simulated security assessments (a collective term used here for penetration testing, vulnerability assessment, and related nomenclature) may need standardisation, but not in the commonly assumed manner of practical assessment methodologies. Instead, this study highlights market failures within the providing industry at the beginning and ending of engagements, which has left clients receiving ambiguous and inconsistent services. It is here, at the prior and subsequent phases of practical assessments that standardisation may serve the continuing professionalisation of the industry, and provide benefits not only to clients, but the practitioners involved in the provision of these services. These findings are based on the results of 54 stakeholder interviews with providers of services, clients, and coordinating bodies within the industry. The paper culminates with a framework for future advancement of the ecosystem, which includes three recommendations for standardisation.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Towards Side-Effects-free Database Penetration Testing

Penetration testing is one of the most traditional and widely used techniques to detect security flaws in systems by conducting simulated-attacks to the target systems. Organizations can develop a tool based on this technique to assess their own security systems or use third party softwares. However, besides its advantages in exploring real security vulnerabilities without false results, this t...

متن کامل

Simulated Penetration Testing and Mitigation Analysis

Penetration testing is a well-established practical concept for the identification of potentially exploitable security weaknesses and an important component of a security audit. Providing a holistic security assessment for networks consisting of several hundreds hosts is hardly feasible though without some sort of mechanization. Mitigation, prioritizing countermeasures subject to a given budget...

متن کامل

Vulnerability Assessment and Penetration Testing

In this modern world, all of the persons are using the facility of internet. SECURITY is one of the major issue of the internet. Everyday highly skilled hackers breach the security and take the advantage of vulnerabilities to access the confidential data. To overcome this problem one solution was suggested named Vulnerability Assessment and Penetration Testing (VAPT). Vulnerability Assessment i...

متن کامل

Towards Evidence-Based Assessment of Factors Contributing to the Introduction and Detection of Software Vulnerabilities

Towards Evidence-Based Assessment of Factors Contributing to the Introduction and Detection of Software Vulnerabilities by Matthew Smith Finifter Doctor of Philosophy in Computer Science University of California, Berkeley Professor David Wagner, Chair There is an entire ecosystem of tools, techniques, and processes designed to improve software security by preventing, finding, mitigating, and/or...

متن کامل

Backtrack in the Outback - A Preliminary Report on Cyber Security Evaluation of Organisations in Western Australia

The authors were involved in extensive vulnerability assessment and penetration testing of over 15 large organisations across various industry sectors in the Perth CBD. The actual live testing involved a team of five people for approximately a four week period, and was black box testing. The scanning consisted of running network and web vulnerability tools, and in a few cases, exploiting vulner...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • Computers & Security

دوره 62  شماره 

صفحات  -

تاریخ انتشار 2016