wonderfully unique software solutions

Five Acunetix tips for safer red team exercises

Red teaming is highly effective but can be a risky way to evaluate a business’s security posture – as the September 2019 arrest of two US pen testers on burglary charges showed.

However, Acunetix offers five top tips on approaching a red team exercise more safely.

* Agree on the conditions in detail ahead of red teaming

Spell out as much detail as possible, specifying the areas of your security programme you wish to test. Pen testers may try things like phishing, social engineering, or disabling physical security measures during a real-life attack.

* Have everything in writing

Ensure you are legally covered if anything goes wrong. A detailed agreement or contract will safeguard both the pen testers and you. Will testers need ID cards to prove they were carrying out a requested activity, if questioned by law enforcement, for example?

* Know relevant local laws

Regulations pertaining to penetration testing can vary greatly between countries or even regions. Ensure everyone, including internal teams, know about these laws. It’s easier to prevent problems than fix them afterwards.

* Inform potential stakeholders

Testing that involves checking human behaviour might mean people need to be kept in the dark. However, there can be serious consequences if key stakeholders are not kept in the loop: consider carefully who must be informed.

* Expect things to go wrong

Red teaming is, by its nature, invasive. Even if the team members perform professionally and carefully, accidents can happen. Therefore, protect the cyber and physical assets involved in penetration testing, including backups.

“Despite potential risks, penetration testing and red teaming are such an excellent way to verify the security posture that you should not be discouraged,” writes Acunetix blogger Tomasz Andrzej Nidecki.

Read the full article on Acunetix Web Security Zone.

Recent Articles

JetBrains TeamCity eases CI/CD admin for devops teams

Dev tools company JetBrains has released Terraform Provider for TeamCity with a view to improving systems administration capabilities for CI/CD projects.

Nitro says delete these three non-tech obstacles to paperless digitisation

Organisations can address sustainability through cultural, habit and perception gaps on increased digitisation, according to Nitro, a software vendor of PDF editing,...

ML coding aims for larger leap with JFrog-Amazon integration

Developer software company JFrog is offering an integration with Amazon SageMaker that it says will help customers build, train and deploy machine...

OpenText beefs up secure information management in security audits

Business software vendor OpenText has launched the second generation of its advanced cybersecurity auditing tool, Fortify Audit Assistant. Prentiss...

JetBrains promotes principal dev Kirill Skrygan to CEO

Coding software company JetBrains has announced that Kirill Skrygan has taken the reins of the Czech company as chief executive officer (CEO).

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox