How Are Penetration Teams Structured?

In this article, we examine the structures of the various types of penetration teams that are being used today.

In today’s world of penetration testing, there is no set method dictating how the teams are actually organized. The number of penetration testers involved in a project will depend primarily on three key factors:

  1. The types of penetration tests being performed
  2. The size of the business or corporation in question (this can be a direct function of employee size)
  3. The complexity of the IT Infrastructure to be tested

For example, if the organization that wants a pentest done has fewer than 20 employees, one can assume that the IT Infrastructure is relatively simple. In this particular instance, a complete penetration testing team may not be needed: two or three pentesters could be sufficient to carry out the required tests and compile the report(s) which summarize their findings and recommendations.

But if the organization which requires penetration testing is a large one (such as a Fortune 500 company with more than 10,000 employees), one can safely assume that the IT infrastructure is much more complex. Thus, a structured penetration testing team will be required. In these instances, there are usually two types of teams used:

The Red Team

This is the penetration testing team that actually launches the mock attack against the business’s lines of defense. This team simulates real types of cyberattacks in order to discover any unknown security vulnerabilities or weaknesses. The testing would typically include both the hardware and software sides.

In terms of the former, this would include such items as servers and the entire network infrastructure itself. In terms of the latter, this would involve such items as the database and any type of web application that is employee- or customer-facing.

The Blue Team

This (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Ravi Das (writer/revisions editor). Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/fZFwJ9ija0U/