Penetration testing requires technical prowess, creativity, and ingenuity to find unexpected ways of breaching a system. However, penetration testers face the added constraint that finding and exploiting vulnerabilities should neither harm the system nor encroach on the dignity of those affected by it.
We have been collaborating with a number of CREST member companies to better understand the role ethics plays in the decision making processes associated with penetration testing. We are also looking how interaction design techniques and tools can help testers make sense of threat intelligence they collect.
Contacts: Shamal Faily, John McAlaney
Funders: Bournemouth University