PROTECTING PENETRATION TESTS: RECOMMENDATIONS FOR IMPROVING ENGAGEMENT SECURITY

This paper, and its associated presentation, represents a capstone to previous years’ work by the author on the subject of vulnerabilities that are present in penetration testing tools, procedures, and learning materials. These vulnerabilities and common practices have been shown to unnecessarily put client systems and data at risk. Systems and infrastructure used by penetration testing teams are also at risk of compromise, in the style of “ihuntpineapples” or worse: quietly and over a long period of time.

In this work, the author presents a comprehensive set of recommendations that can be used to build secure penetration testing operations. This includes technical recommendations, policies, procedures, as well as information on how to communicate and work with client organizations about the risks and mitigations. This paper addresses the balance of making testing capabilities more professionally sound, while avoiding a neg...