A taxonomy of penetration testing ethics

Pierce, Justin; Jones, A; Warren, Matthew

A taxonomy of penetration testing ethics

conference contribution

posted on 2005-01-01, 00:00 authored by Justin Pierce, A Jones, Matthew Warren

In an environment where commercial software is continually patched to correct security flaws, penetration testing can provide organisations with a realistic assessment of their security posture. Penetration testing uses the same principles as criminal hackers to penetrate corporate networks and thereby verify the presence of software vulnerabilities. Network administrators can use the results of a penetration test to correct flaws and improve overall security. The use of hacking techniques, however, raises several ethical questions that centre on the integrity of the tester to maintain professional distance and uphold the profession. This paper discusses the ethics of penetration testing and presents our conceptual model and revised taxonomy.

History

Title of proceedings

Conference proceedings of AiCE 2005 Geelong, September 26th, 2005, fourth Australian Institute of Computer Ethics Conference

Event

Australian Institute of Computer Ethics. Conference (4th : 2005 : Geelong)

Publisher

Deakin University, School of Information Systems

Location

Geelong, Australia

Place of publication

Geelong, Vic.

Start date

2005-09-26

ISBN-13

9781741560213

ISBN-10

1741560217

Language

eng

Publication classification

E1 Full written paper - refereed

Editor/Contributor(s)

M Warren

Usage metrics

Keywords

penetration testing computer security and computer ethics

Licence

Exports

RefWorks

BibTeX

Ref. manager

Endnote

DataCite

NLM

DC

A taxonomy of penetration testing ethics

History

Title of proceedings

Event

Publisher

Location

Place of publication

Start date

ISBN-13

ISBN-10

Language

Publication classification

Editor/Contributor(s)

Usage metrics

Categories

Keywords

Licence

Exports