wonderfully unique software solutions

Five Acunetix tips for safer red team exercises

Red teaming is highly effective but can be a risky way to evaluate a business’s security posture – as the September 2019 arrest of two US pen testers on burglary charges showed.

However, Acunetix offers five top tips on approaching a red team exercise more safely.

* Agree on the conditions in detail ahead of red teaming

Spell out as much detail as possible, specifying the areas of your security programme you wish to test. Pen testers may try things like phishing, social engineering, or disabling physical security measures during a real-life attack.

* Have everything in writing

Ensure you are legally covered if anything goes wrong. A detailed agreement or contract will safeguard both the pen testers and you. Will testers need ID cards to prove they were carrying out a requested activity, if questioned by law enforcement, for example?

* Know relevant local laws

Regulations pertaining to penetration testing can vary greatly between countries or even regions. Ensure everyone, including internal teams, know about these laws. It’s easier to prevent problems than fix them afterwards.

* Inform potential stakeholders

Testing that involves checking human behaviour might mean people need to be kept in the dark. However, there can be serious consequences if key stakeholders are not kept in the loop: consider carefully who must be informed.

* Expect things to go wrong

Red teaming is, by its nature, invasive. Even if the team members perform professionally and carefully, accidents can happen. Therefore, protect the cyber and physical assets involved in penetration testing, including backups.

“Despite potential risks, penetration testing and red teaming are such an excellent way to verify the security posture that you should not be discouraged,” writes Acunetix blogger Tomasz Andrzej Nidecki.

Read the full article on Acunetix Web Security Zone.

Recent Articles

N-able rebrands RMM as N-sight – targeting IT teams and emerging MSPs

N-able has relaunched its RMM remote monitoring and management as N-able N-sight RMM, with a view to attracting more IT departments and...

Stormshield and partners warn of cybersecurity risks to Paris 2024

Giant global events -- such as the Paris 2024 Olympic Games -- can expect to continue to be targeted by cyber criminals...

Usecure builds security awareness focus, adds platform functionalities

MSP-focused security vendor Usecure is continuing to expand the capabilities of its human risk management focused software for partners.

Phishing attacks still plague common file types, Hornetsecurity warns

Phishing via archive, HTML, Excel or PDF files remain the leading email-based cyber attack on organisations, according to cybersecurity specialists at Hornetsecurity.

How TechSmith video-based learning can boost diversity and inclusion

When Hillsborough Community College in the USA wanted to create a remote-learning platform to assist students who use sign language, it turned...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox