- BackTrack 4: Assuring Security by Penetration Testing
- Shakeel Ali, Tedi Heriyanto
- 2021-04-09 21:21:00
The ethics
The ethical vision of security testing constitutes rules of engagement that an auditor has to follow in order to deliver professional, ethical, and authorized practices. These rules define how testing services should be offered, how the testing should be performed, how legal contracts are negotiated, how the scope of testing is defined, how the test plan is prepared, how the test process is followed, and how a consistent reporting structure is maintained. Addressing each of these areas requires careful examination and design of formal practices and procedures that must be followed throughout the test engagement. Some examples of these rules are discussed below.
- Offering testing services after breaking into the target system, before any formal agreement has been made between the client and the auditor, should be completely forbidden. This act of unethical marketing can result in the failure of a business and may have legal implications depending on the jurisdiction.
- Performing a test beyond the scope of testing and crossing the identified boundaries without explicit permissions from a client is prohibited.
- A binding legal contract should limit the liability of the job unless illegal activity is detected. The contract should clearly state the terms and conditions of testing, emergency contact information, the statement of work, and any obvious conflicts of interest.
- The scope definition should clearly identify all the contractual entities and the limits imposed on them during the security assessment.
- The test plan concerns the amount of time required to assess the security of a target system. It is highly advisable to draw up a schedule that does not disrupt production during business hours.
- The test process defines the set of steps that must be followed during the test engagement. These rules combine technical and managerial views to constrain the testing process to its agreed environment and people.
- Test results and reporting must be presented in a clear and consistent order. The report must document all the known and unknown vulnerabilities, and should be delivered confidentially to authorized individuals only.