Abstract
Attacks against computer systems and the data contained within these systems are becoming increasingly frequent and evermore sophisticated. So-called “zero-day” exploits can be purchased on black markets and Advanced Persistent Threats (APTs) can lead to exfiltration of data over extended periods. Organisations wishing to ensure security of their systems may look towards adopting appropriate measures to protect themselves against potential security breaches. One such measure is to hire the services of penetration testers (or “pen-tester”) to find vulnerabilities present in the organisation’s network, and provide recommendations as to how best to mitigate such risks. This paper discusses the definition and role of the modern pen-tester and summarises current standards and professional qualifications in the UK. The paper further identifies issues arising from pen-testers, highlighting differences from what is generally expected of their role in industry to what is demanded by professional qualifications.
Original language | English |
---|---|
Title of host publication | N/A |
Number of pages | 7 |
Publication status | Published - 23 Aug 2010 |
Event | 2010 International Cyber Resilience Conference - Perth Western Australia Duration: 23 Aug 2010 → 23 Aug 2010 |
Conference
Conference | 2010 International Cyber Resilience Conference |
---|---|
Period | 23/08/10 → 23/08/10 |
Keywords
- penetration testing
- cyber security
- vulnerability assessments