In Pursuit of a Standard Penetration Testing Methodology
ABSTRACT
Penetration testing has gained great momentum commercially, but there is limited methodological research in the literature. A methodology is important for penetration testing if it is to maintain a degree of separation between the security profession and wanton attacks. The methodological approaches to security posture testing using tactics adopted from crackers themselves are explored, with particular attention to a small body of literature. The surveyed methodologies are compared and contrasted, the major trends and features are extrapolated into a hybrid, and the paper concludes with directions for future research. In general, it was found that the methodologies converge on reconnaissance, attack and escape.
AUTHORS
School of Information Systems, Deakin University
Australia
Justin D. Pierce, of Deakin University’s School of Information Systems, is an early-career academic whose primary research area is IT security. He holds a Bachelor of Information Technology with First Class Honours and is currently studying for a Ph.D. in authentication and security. Justin has published in the areas of Supply Chain Security, Security Attitudes, Penetration Testing, and Graphical Authentication.
RMIT University
Melbourne, Australia
University of Johannesburg,
Johannesburg, South Africa
Matt Warren is the Director of the RMIT Centre of Cyber Security Research and Innovation and a Professor of Cyber Security at RMIT University, Australia. Professor Warren is a researcher in the areas of cyber security and computer ethics. He has authored and co-authored over 300 books, book chapters, journal papers, and conference papers. He has received numerous grants and awards from national and international funding bodies, such as AustCyber, Australian Research Council (ARC), CyberCRC, Engineering Physical Sciences Research Council (EPSRC) in the UK, National Research Foundation in South Africa and the European Union. Professor Warren earned his Ph.D. in Information Security Risk Analysis from the University of Plymouth, United Kingdom and he has taught in Australia, Finland, Hong Kong, and the United Kingdom. Professor Warren is a Fellow of the Australian Computer Society.
AllSecure-IT Pty. Ltd., Geelong
Australia
Xavier Corray has over 20 years' experience as an IT consultant and has worked for IBM, Australia-New Zealand Bank, Hewlett Packard, and Hong Leong Bank Malaysia. He holds a Bachelor of Science in Computer Science from Deakin University, Australia and an MBA from Central Queensland University, Australia. Xavier is fluent in five different Asian languages and consults regularly to global clients. He is the Director of the Melbourne Chapter of ISACA.
Published In
Journal of Information Warfare
The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.