Yes, penetration testing might need standardisation. No, it’s not the way you think.
No ratings
Presented at BSidesManchester 2015 by
You’ve read the title and you’re panicking. Don’t. This isn’t a talk about having a standardised methodology for conducting penetration tests. It is, however, a talk about the way the industry offers services and what clients receive in return. Standardisation here might be good not only for clients, but also the individuals delivering these services (such as yourself). This talk is based on a market analysis (involving 54 stakeholder interviews) by the British Standards Institution (BSI) and Lancaster University.