Penetration Testing and Vulnerability Assessments: A Professional Approach

Konstantinos Xynos, Andrew Blyth, Iain Sutherland, Huw Read, Emlyn Everitt

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Attacks against computer systems and the data contained within these systems are becoming increasingly frequent and evermore sophisticated. So-called “zero-day” exploits can be purchased on black markets and Advanced Persistent Threats (APTs) can lead to exfiltration of data over extended periods. Organisations wishing to ensure security of their systems may look towards adopting appropriate measures to protect themselves against potential security breaches. One such measure is to hire the services of penetration testers (or “pen-tester”) to find vulnerabilities present in the organisation’s network, and provide recommendations as to how best to mitigate such risks. This paper discusses the definition and role of the modern pen-tester and summarises current standards and professional qualifications in the UK. The paper further identifies issues arising from pen-testers, highlighting differences from what is generally expected of their role in industry to what is demanded by professional qualifications.
Original languageEnglish
Title of host publicationN/A
Number of pages7
Publication statusPublished - 23 Aug 2010
Event 2010 International Cyber Resilience Conference - Perth Western Australia
Duration: 23 Aug 201023 Aug 2010


Conference 2010 International Cyber Resilience Conference


  • penetration testing
  • cyber security
  • vulnerability assessments


Dive into the research topics of 'Penetration Testing and Vulnerability Assessments: A Professional Approach'. Together they form a unique fingerprint.

Cite this