Ethics and Design in Penetration Testing

Image copyright Universal Studios

Overview
Penetration testing requires technical prowess, creativity, and ingenuity to find unexpected ways of breaching a system. However, penetration testers face the added constraint that finding and exploiting vulnerabilities should neither harm the system nor encroach on the dignity of those affected by it.

We have been collaborating with a number of CREST member companies to better understand the role ethics plays in the decision-making processes associated with penetration testing. We are also looking at how interaction design techniques and tools can help testers make sense of the threat intelligence they collect.

Contacts: Shamal Faily, John McAlaney

Funders: Bournemouth University

Related Publications

  • S. Faily, C. Iacob, and S. Field, “Ethical Hazards and Safeguards in Penetration Testing,” in Proceedings of the 30th British HCI Group Annual Conference on People and Computers: Fusion, 2016.
    @inproceedings{faif16,
    Author = {Shamal Faily and Claudia Iacob and Sarah Field},
    Booktitle = {{Proceedings of the 30th British HCI Group Annual Conference on People and Computers: Fusion}},
    Note = {To Appear},
    Publisher = {British Computer Society},
    Title = {{Ethical Hazards and Safeguards in Penetration Testing}},
    Year = {2016}}
  • S. Faily, J. McAlaney, and C. Iacob, “Ethical Dilemmas and Dimensions in Penetration Testing,” in Proceedings of the 9th International Symposium on Human Aspects of Information Security & Assurance (HAISA 2015), 2015, pp. 233–242.
    @inproceedings{fami15,
    Author = {Shamal Faily and John McAlaney and Claudia Iacob},
    Booktitle = {{Proceedings of the 9th International Symposium on Human Aspects of Information Security \& Assurance (HAISA 2015)}},
    Pages = {233--242},
    Publisher = {University of Plymouth},
    Title = {{Ethical Dilemmas and Dimensions in Penetration Testing}},
    Year = {2015}}
  • J. McAlaney, J. Taylor, and S. Faily, “The social psychology of cybersecurity,” in Proceedings of the 1st International Conference on Cyber Security for Sustainable Society, 2015.
    @inproceedings{mctf15,
    Author = {John McAlaney and Jacqui Taylor and Shamal Faily},
    Booktitle = {{Proceedings of the 1st International Conference on Cyber Security for Sustainable Society}},
    Note = {To Appear},
    Publisher = {Working Papers of the SSN+},
    Title = {The Social Psychology of Cybersecurity},
    Year = {2015}}