Businesses will be able to test the expertise of their security teams with a series of penetration tests designed by an Australian security professional.
The tests, dubbed Exploitable Labs, emulated virtual e-commerce websites with varying information security controls that participants were tasked to break into.
Creator Wayne Ronaldson said scenarios were tailored to a range of skill levels and security expertise to allow paying businesses to assess the capabilities of potential employees, or test those of existing staff.
“It means a business could see if their security guys are strong in networks but lacking in web apps, so they can tailor training to create a well-rounded security team,” Ronaldson said.
“People have found it hard to decide the areas to train staff because security changes all the time. The tests help break down skills into strengths and weaknesses.”
He said it was also aimed at IT recruitment agencies, which could use the service to vet candidates.
Ronaldson created the tests after seeing the wide range of skill levels in the security industry, in which he had worked as a penetration tester and security professional for about a decade.
The tests were designed to produce transparent performance reports and to be immune to automated vulnerability and exploitation tools.
This would distinguish mature security skills from those reliant on automation, better known as script kiddies.
Customers would receive a report detailing the number of vulnerabilities a candidate had found during the tests, exploits used, and even their methods of research.
Social engineers could tap into Twitter, Facebook and Skype accounts to ply fake staff usernames and passwords and run client side attacks. “It’s designed to be as real as possible,” Ronaldson said.
Large blue-chip organisations in the US and Australian IT firms have already expressed an interest in putting staff through the service. Ronaldson declined to name them, citing confidentiality agreements.
Exploit Labs has been in development for two years and will launch next week.
Copyright © SC Magazine, Australia