Research Lifts the Veil on Penetration Testing Practices that Undermine Industry Goals – Digitalmunition





Published on August 7th, 2019




Included in the report is a case study of an advanced persistent threat (APT)-like group that the research team found to be operating openly as a Brazilian security firm that is linked to the exposure of sensitive air traffic control data. This revelation is one of a number of findings in the report that demonstrate how the line distinguishing pentesting exercises from actual threat actor behavior has thinned.

“Though many of our findings are uncomfortable, we are sharing this research in order to start a conversation we hope will help better educate security researchers, pentesters, and the clients they both seek to serve,” says Kevin Livelli, Director of Threat Intelligence at BlackBerry Cylance. “We must hold ourselves accountable to each other and to ourselves to ensure that we remain good stewards for those who rely on our support – and be deserving of their trust.”

The research also explores the tradecraft of more than two dozen well-known companies offering pentesting services, from boutiques to blue chips, and finds the widespread exposure of client data in semi-public repositories.

“Over the past five years the explosion of groups around the globe offering offensive testing services has led to practices that can materially compromise a company’s security posture,” said Josh Lemos, VP of Research and Intelligence at BlackBerry Cylance. “We want this report to help the security community, and the clients they serve, think more critically about how red teaming operations can impact security, agree to guiding principles for engagements such as data handling, and bring awareness to dangerous testing practices, inadvertent or not.”


View original content to download multimedia: http://www.prnewswire.com/news-releases/research-lifts-the-veil-on-penetration-testing-practices-that-undermine-industry-goals-300897918.html
