Title

Protecting penetration tests: recommendations for improving ...

Description
For this work, recommendations for secure penetration testing are also applicable to red team services. The term “penetration testing” is used most frequently ... 17 pages
Full Text
PROTECTING PENETRATION TESTS: RECOMMENDATIONS FOR IMPROVING ENGAGEMENT SECURITY

This paper, and its associated presentation, represents a capstone to previous years’ work by the author on the subject of vulnerabilities that are present in penetration testing tools, procedures, and learning materials. These vulnerabilities and common practices have been shown to unnecessarily put client systems and data at risk. Systems and infrastructure used by penetration testing teams are also at risk of compromise, in the style of “ihuntpineapples” or worse: quietly and over a long period of time.

In this work, the author presents a comprehensive set of recommendations that can be used to build secure penetration testing operations. This includes technical recommendations, policies, procedures, as well as information on how to communicate and work with client organizations about the risks and mitigations. This paper addresses the balance of making testing capabilities more professionally sound, while avoiding a neg...