In Pursuit of a Standard Penetration Testing Methodology

ABSTRACT

Penetration testing has gained great momentum commercially, but there is limited methodological research in the literature. A methodology is important for penetration testing if it is to maintain a degree of separation between the security profession and wanton attacks. This paper explores the methodological approaches to security posture testing that use tactics adopted from crackers themselves, looking particularly at a small body of literature. The surveyed methodologies are compared and contrasted, their major trends and features are extrapolated into a hybrid, and the paper concludes with directions for future research. In general, it was found that the methodologies converge on reconnaissance, attack and escape.


AUTHORS

School of Information Systems, Deakin University
Australia

Justin D. Pierce, of Deakin University’s School of Information Systems, is an early-career academic whose primary research area is IT security. He holds a Bachelor of Information Technology with First Class Honours and is currently studying for a Ph.D. in authentication and security. Justin has published in the areas of Supply Chain Security, Security Attitudes, Penetration Testing, and Graphical Authentication.

School of Information Systems, Deakin University, Melbourne
Australia

Matt Warren, Ph.D., is a senior information systems lecturer in the Department of Computing & Mathematics, Deakin University, Victoria, Australia. He specializes in computer security and information warfare. He is a member of Australian Standards Committee IT/12/4 Security Techniques and is the Australian Representative on IFIP 11 WG11 – Security Management. Matthew has published numerous pages in the area of Information Warfare and is co-author of Information Warfare: Corporate Attack and Defence in the Digital Age.

AllSecure-IT Pty. Ltd., Geelong
Australia

Xavier Corray has over 20 years' experience as an IT consultant and has worked for IBM, Australia-New Zealand Bank, Hewlett Packard, and Hong Leong Bank Malaysia. He holds a Bachelor of Science in Computer Science from Deakin University, Australia, and an MBA from Central Queensland University, Australia. Xavier is fluent in five different Asian languages and consults regularly to global clients. He is the Director of the Melbourne Chapter of ISACA.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.
