wonderfully unique software solutions

Five Acunetix tips for safer red team exercises

Red teaming is highly effective but can be a risky way to evaluate a business’s security posture – as the September 2019 arrest of two US pen testers on burglary charges showed.

However, Acunetix offers five top tips on approaching a red team exercise more safely.

* Agree on the conditions in detail ahead of red teaming

Spell out as much detail as possible, specifying the areas of your security programme you wish to test. Pen testers may try things like phishing, social engineering, or disabling physical security measures during a real-life attack.

* Have everything in writing

Ensure you are legally covered if anything goes wrong. A detailed agreement or contract will safeguard both the pen testers and you. Will testers need ID cards to prove they were carrying out a requested activity, if questioned by law enforcement, for example?

* Know relevant local laws

Regulations pertaining to penetration testing can vary greatly between countries or even regions. Ensure everyone, including internal teams, know about these laws. It’s easier to prevent problems than fix them afterwards.

* Inform potential stakeholders

Testing that involves checking human behaviour might mean people need to be kept in the dark. However, there can be serious consequences if key stakeholders are not kept in the loop: consider carefully who must be informed.

* Expect things to go wrong

Red teaming is, by its nature, invasive. Even if the team members perform professionally and carefully, accidents can happen. Therefore, protect the cyber and physical assets involved in penetration testing, including backups.

“Despite potential risks, penetration testing and red teaming are such an excellent way to verify the security posture that you should not be discouraged,” writes Acunetix blogger Tomasz Andrzej Nidecki.

Read the full article on Acunetix Web Security Zone.

Recent Articles

Access to edtech one of four keys to schooling success

A survey by learning management system (LMS) vendor Instructure has confirmed four socio-economic factors as critical when it comes to the learning...

People still rely on myths about password security, warns Keeper

Popular misconceptions around passwords and their security could be holding workers back from achieving correct password hygiene for a solid cybersecurity posture,...

Stormshield partners deliver cybersecurity with sovereignty for ministry of defence

A decade of a national defence ministry's collaboration with Europe-based cybersecurity provider Stormshield has delivered cybersecurity improvements, without adding risk of information...

Octopus Deploy deprecates Server authentication, certifies with HashiCorp

Devops-focused config management company Octopus Deploy has rounded off November with a trio of updates -- affecting Octopus Server developers, HashiCorp Vault...

SolarWinds and HCL expand enterprise AI for IT ops partnership

Infrastructure applications vendor SolarWinds and HCL Software are expanding their work together delivering enterprise AI and ITops management offerings.

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox