In Pursuit of a Standard Penetration Testing Methodology

ABSTRACT

Penetration testing has gained great momentum commercially, but there is limited methodological research in the literature. A methodology is important for penetration testing if it is to maintain a degree of separation between the security profession and wanton attacks. This paper explores the methodological approaches to security posture testing that use tactics adopted from crackers themselves, looking particularly at a small body of literature. The surveyed methodologies are compared and contrasted, their major trends and features are extrapolated into a hybrid, and the paper concludes with directions for future research. In general, it was found that the methodologies converge on reconnaissance, attack and escape.


AUTHORS

School of Information Systems, Deakin University
Australia

Justin D. Pierce, of Deakin University’s School of Information Systems, is an early-career academic whose primary research area is IT security. He holds a Bachelor of Information Technology with First Class Honours and is currently studying for a Ph.D. in authentication and security. Justin has published in the areas of Supply Chain Security, Security Attitudes, Penetration Testing, and Graphical Authentication.

RMIT University Centre for Cyber Security Research & Innovation
College of Business and Law, RMIT University
Melbourne, Australia

Centre for Cyber Security, Academy for Computer Science and Software Engineering, University of Johannesburg,
Johannesburg, South Africa

Professor Matt Warren is the Director of the RMIT Centre of Cyber Security Research and Innovation and a Professor of Cyber Security at RMIT University, Australia. Professor Warren is a researcher in the areas of cyber security and computer ethics. He has authored and co-authored over 300 books, book chapters, journal papers, and conference papers. He has received numerous grants and awards from national and international funding bodies, such as AustCyber; the Australian Research Council (ARC); CyberCRC; the Engineering Physical Sciences Research Council (EPSRC) in the UK; the National Research Foundation in South Africa; and the European Union.

Professor Warren gained his PhD in Information Security Risk Analysis from the University of Plymouth, United Kingdom and he has taught in Australia, Finland, Hong Kong, and the United Kingdom. Professor Warren is a Fellow of the Australian Computer Society.

AllSecure-IT Pty. Ltd., Geelong
Australia

Xavier Corray has over 20 years' experience as an IT consultant and has worked for IBM, Australia-New Zealand Bank, Hewlett Packard, and Hong Leong Bank Malaysia. He holds a Bachelor of Science in Computer Science from Deakin University, Australia and an MBA from Central Queensland University, Australia. Xavier is fluent in five different Asian languages and consults regularly to global clients. He is the Director of the Melbourne Chapter of ISACA.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.
