Penetration testing has existed as a cyber security assurance activity for many years. Although frequently used, the phrase lacks a clear definition and is often misunderstood. For many individuals, phrases such as security auditing, penetration testing, vulnerability analysis, ethical hacking, and red teaming all mean the same thing.
CREST has been accrediting penetration testing companies since 2006, and by the end of 2021 it had assessed more than 250 organizations that deliver penetration testing services around the globe. During this time span, the expectations around what a penetration test is have evolved. In parallel, the toolsets, platforms, and delivery methods that can be used to provide penetration tests have changed significantly. Over the past 15 years, the number of organizations across the globe that procure penetration tests has increased markedly and, accordingly, it is CREST's considered opinion that there is an increased need to define a set of minimum expectations that should be associated with a penetration test.
This session will shed light on the snake oil in the industry. War stories will provide suggestions on how to work in the industry and help you be commercially defensible.