Blue chips eye Australian pen test assessments

Powered by SC Magazine
 

Online service to test staff skills.

Businesses will be able to test the expertise of their security teams with a series of penetration tests designed by an Australian security professional.

The tests, dubbed Exploitable Labs, emulated virtual e-commerce websites with varying information security controls that participants were tasked to break into.

Creator Wayne Ronaldson said scenarios were tailored to a range of skill levels and security expertise to allow paying businesses to assess the capabilities of potential employees, or test those of existing staff. 

“It means a business could see if their security guys are strong in networks but lacking in web apps, so they can tailor training to create a well-rounded security team,” Ronaldson said.

“People have found it hard to decide the areas to train staff because security changes all the time. The tests help break down skills into strengths and weaknesses.”

He said it was also aimed at IT recuitment agencies which could use the service to vet candidates.

Ronaldson created the tests after seeing the wide range of skill levels in the security industry, in which he had worked as a penetration tester and security professional for about a decade.

The tests were designed to produce transparent performance reports and to be immune to automated vulnerability and exploitation tools.

This would distinguish mature security skills from those reliant on automation, better known as script kiddies.

Customers would receive a report detailing the number of vulnerabilities a candidate had found during the tests, exploits used, and even their methods of research.

Social engineers could tap into Twitter, Facebook and Skype accounts to ply fake staff usernames and passwords and run client side attacks. “It’s designed to be as real as possible,” Ronaldson said.

Large blue chip organisations in the US and Australian IT firms have already expressed an interest in putting staff through the service. Ronaldson declined to name them citing confidentiality agreements.

Exploit Labs has been in development for two years and will launch next week.

Copyright © SC Magazine, Australia


Blue chips eye Australian pen test assessments
 
 
 
Top Stories
Don’t mention digital disruption to David Whiteing
Buzzwords don’t curry favour with CBA's new CIO - it’s all just innovation to him.
 
Content, cost & constant innovation: How Foxtel plans to take on Netflix
Nell Payne inhabits the “brave new world of blue strings and networking”. Just don't ask her to put a TV screen on your microwave.
 
Westpac fires starting pistol on core banking upgrade
St George readies itself for move to Celeriti.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Should Optus make a bid for iiNet?

   |   View results
Yes
  43%
 
No
  57%
TOTAL VOTES: 590

Vote