wonderfully unique software solutions

Five Acunetix tips for safer red team exercises

Red teaming is highly effective but can be a risky way to evaluate a business’s security posture – as the September 2019 arrest of two US pen testers on burglary charges showed.

However, Acunetix offers five top tips on approaching a red team exercise more safely.

* Agree on the conditions in detail ahead of red teaming

Spell out as much detail as possible, specifying the areas of your security programme you wish to test. Pen testers may try things like phishing, social engineering, or disabling physical security measures during a real-life attack.

* Have everything in writing

Ensure you are legally covered if anything goes wrong. A detailed agreement or contract will safeguard both the pen testers and you. Will testers need ID cards to prove they were carrying out a requested activity, if questioned by law enforcement, for example?

* Know relevant local laws

Regulations pertaining to penetration testing can vary greatly between countries or even regions. Ensure everyone, including internal teams, know about these laws. It’s easier to prevent problems than fix them afterwards.

* Inform potential stakeholders

Testing that involves checking human behaviour might mean people need to be kept in the dark. However, there can be serious consequences if key stakeholders are not kept in the loop: consider carefully who must be informed.

* Expect things to go wrong

Red teaming is, by its nature, invasive. Even if the team members perform professionally and carefully, accidents can happen. Therefore, protect the cyber and physical assets involved in penetration testing, including backups.

“Despite potential risks, penetration testing and red teaming are such an excellent way to verify the security posture that you should not be discouraged,” writes Acunetix blogger Tomasz Andrzej Nidecki.

Read the full article on Acunetix Web Security Zone.

Recent Articles

Intel targets edge computing and 5G services advances with Red Hat

Edge computing and 5G services are set for a boost from Intel announcements at the virtual iteration of the global Consumer Electronics...

Trojans, backdoor and malicious worm attacks target home workers

The proportion of Trojans as an overall share of malware detected leaped nearly 41% year on year during 2020, according to Kaspersky's...

Why no-code software could be key to the post-Covid business

'No code' software platforms might help businesses adapt as they scramble to emerge from the SARS-CoV-2 crisis this year, according to Smartsheet's...

Multiscans boost threat detection rates and file upload safety, says Opswat

Single anti-malware engines usually detect up to 91.8 % of cyber threats but some only have 80% or even 40% detection rates...

Tough times accelerate development — and creativity — at Paessler

Times are tough for many businesses yet the 'pain zone' itself can be the inspiration for creative solutions, according to Paessler country...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox