Avoiding Pen Test DOOM: Protecting Customer Data

[Editor’s Note: As a professional penetration tester, target organization personnel put a lot of trust and faith in us.  We must treat their sensitive information very carefully, or else we’ll wind up in major hot water.  In this thought-provoking article, Tony Turner provides some fantastic tips for protecting pen test customer data.  Heed his warnings carefully.  The tips he discusses aren’t too onerous, and may just save your bacon some day.  Thanks, Tony, for the excellent article!  –Ed.]

By Tony Turner

It’s a good day. You’ve just received the P.O. from another large customer that has engaged you to perform a penetration test. Fortunately for your customer, you are a professional and they can rely on your ethics and experience to deliver a quality product that creates significant value in their never-ending struggle to manage technology risk within their environment. They want you to simulate a real attacker, which means you can harvest credit card numbers and sell them on carder forums, post their password hashes on Pastebin and tweet about how lamebrain they are. Right?