In Pursuit of a Standard Penetration Testing Methodology

ABSTRACT
Penetration testing has gained great momentum commercially, but there is limited methodological research in the literature. A methodology is important for penetration testing if it is to maintain a degree of separation between the security profession and wanton attacks. The methodological approaches to security posture testing are explored; using tactics adopted from crackers themselves; and, look particularly at a small body of literature. The surveyed methodologies are compared and contrasted, extrapolating the major trends and features into a hybrid, and conclude with directions for future research. In general, it was found that the methodologies to converge on reconnaissance, attack and escape.
AUTHORS

School of Information Systems, Deakin University
Australia
Justin D. Pierce, of Deakin University’s School of Information Systems, is an early-career academic whose primary research area is IT security. He holds a Bachelor of Information Technology with First Class Honours and is currently studying for a Ph.D. in authentication and security. Justin has published in the areas of Supply Chain Security, Security Attitudes, Penetration Testing, and Graphical Authentication.

RMIT University Centre for Cyber Security Research & Innovation
College of Business and Law, RMIT University
Melbourne, Australia
Centre for Cyber Security, Academy for Computer Science and Software Engineering University of Johannesburg,
Johannesburg, South Africa
Matt Warren is the Director of the RMIT University Centre for Cyber Security Research and Innovation (CCSRI) and a Professor of Cyber Security at RMIT University, Australia. Warren is the co-director of the Australian/Lithuanian Cyber Research Network. Professor Warren is a researcher in the areas of cybersecurity. He has authored and co-authored over 300 books, book chapters, journal papers, and conference papers. He has received numerous grants and awards from national and international funding bodies, such as: Australian Research Council (ARC); Australian Department of Defence; Lithuanian Research Council, Engineering Physical Sciences Research Council (EPSRC) in the UK; National Research Foundation in South Africa and the European Union.

AllSecure-IT Pty. Ltd., Geelong
Australia
Xavier Corray has over 20 years experience as an IT consultant and has worked for IBM, Australia-New Zealand Bank, Hewlett Packard, and Hong Leong Bank Malaysia. He holds a Bachelor of Science in Computer Science from Deakin University, Australia and an MBA from Central Queensland University, Australia. Xavier is fluent in five different Asian languages and consults regularly to global clients. He is the Director of the Melbourne Chapter of ISACA.
Published In
Journal of Information Warfare
The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.
Quick Links
Archive