Blue chips eye Australian pen test assessments

Powered by SC Magazine
 

Online service to test staff skills.

Businesses will be able to test the expertise of their security teams with a series of penetration tests designed by an Australian security professional.

The tests, dubbed Exploitable Labs, emulated virtual e-commerce websites with varying information security controls that participants were tasked to break into.

Creator Wayne Ronaldson said scenarios were tailored to a range of skill levels and security expertise to allow paying businesses to assess the capabilities of potential employees, or test those of existing staff. 

“It means a business could see if their security guys are strong in networks but lacking in web apps, so they can tailor training to create a well-rounded security team,” Ronaldson said.

“People have found it hard to decide the areas to train staff because security changes all the time. The tests help break down skills into strengths and weaknesses.”

He said it was also aimed at IT recuitment agencies which could use the service to vet candidates.

Ronaldson created the tests after seeing the wide range of skill levels in the security industry, in which he had worked as a penetration tester and security professional for about a decade.

The tests were designed to produce transparent performance reports and to be immune to automated vulnerability and exploitation tools.

This would distinguish mature security skills from those reliant on automation, better known as script kiddies.

Customers would receive a report detailing the number of vulnerabilities a candidate had found during the tests, exploits used, and even their methods of research.

Social engineers could tap into Twitter, Facebook and Skype accounts to ply fake staff usernames and passwords and run client side attacks. “It’s designed to be as real as possible,” Ronaldson said.

Large blue chip organisations in the US and Australian IT firms have already expressed an interest in putting staff through the service. Ronaldson declined to name them citing confidentiality agreements.

Exploit Labs has been in development for two years and will launch next week.

Copyright © SC Magazine, Australia


Blue chips eye Australian pen test assessments
 
 
 
Top Stories
ATO shaves $4m off IT contractor panel
Reform cuts admin burden, introduces KPIs.
 
Turnbull introduces data retention legislation
Still no definition of metadata to be stored.
 
Crime Commission prepares core systems overhaul
Will replace 30 year-old national criminal database.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  27%
 
Sourcing and strategy
  13%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  14%
 
Software development
  25%
TOTAL VOTES: 437

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  54%
 
No
  46%
TOTAL VOTES: 210

Vote