wonderfully unique software solutions

Five Acunetix tips for safer red team exercises

Red teaming is highly effective but can be a risky way to evaluate a business’s security posture – as the September 2019 arrest of two US pen testers on burglary charges showed.

However, Acunetix offers five top tips on approaching a red team exercise more safely.

* Agree on the conditions in detail ahead of red teaming

Spell out as much detail as possible, specifying the areas of your security programme you wish to test. Pen testers may try things like phishing, social engineering, or disabling physical security measures during a real-life attack.

* Have everything in writing

Ensure you are legally covered if anything goes wrong. A detailed agreement or contract will safeguard both the pen testers and you. Will testers need ID cards to prove they were carrying out a requested activity, if questioned by law enforcement, for example?

* Know relevant local laws

Regulations pertaining to penetration testing can vary greatly between countries or even regions. Ensure everyone, including internal teams, know about these laws. It’s easier to prevent problems than fix them afterwards.

* Inform potential stakeholders

Testing that involves checking human behaviour might mean people need to be kept in the dark. However, there can be serious consequences if key stakeholders are not kept in the loop: consider carefully who must be informed.

* Expect things to go wrong

Red teaming is, by its nature, invasive. Even if the team members perform professionally and carefully, accidents can happen. Therefore, protect the cyber and physical assets involved in penetration testing, including backups.

“Despite potential risks, penetration testing and red teaming are such an excellent way to verify the security posture that you should not be discouraged,” writes Acunetix blogger Tomasz Andrzej Nidecki.

Read the full article on Acunetix Web Security Zone.

Recent Articles

JFrog gets jump on Defense and threat intelligence designation

Developer tools company JFrog has achieved US Defense security certification for its Artifactory and Xray products, ahead of authorisation for its greater...

LastPass by LogMeIn polishes up password manager for consumers and business

LastPass has announced a slew of enhancements to its password manager software, including account recovery, save-and-fill, and onboarding improvements.

TeamViewer to deliver AR on Google Glass for the enterprise

Germany-based TeamViewer and Google Cloud have agreed a deal for the remote connectivity platform vendor to provide its enterprise-focused augmented reality (AR)...

Upgrading to Windows 11? Don’t forget your backup and PC check

Microsoft might be heavily promoting its latest operating system, Windows 11, everywhere online -- but perhaps don't rush to upgrade unless the...

Foxit adds to e-signature capabilities, acquiring eSign Genie

PDF editing software vendor Foxit has purchased an e-documentation rival, eSign Genie, for an undisclosed amount. Phil Lee, chief...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox