Statutory and Ethical Considerations for a Penetration Tester in the UK

1. The ethical issues relating to penetration testing and how to incorporate them operationally
2. A deep and systematic application of the tools, methods and procedures (theoretical and methodological) used within the cyber security arena in the context of a penetration test

Task 1 is an individual exercise. It is expected that this task will be in the region of 1500 words. You are expected to: Comment on the statutory and ethical considerations of a penetration tester working in the UK. Undertake research and critically compare the published penetration testing methodologies (such as OWASP, PTES, OSSTMM…) in order to deduce their applicability for this scenario.

Please note that your task is to critically compare existing methodologies against the scope of this scenario. As a result, we are not expecting you to provide an overview of them, not to provide a critique on types of PenTests and certainly not to tell us what is your favorite “pentesting color” (white, black, grey). In order to undertake the comparison, you will have to justify your comparison criteria. Your comparison criteria should be extracted from the scope of the scenario that has been described above.

If you fail to provide references using the Harvard referencing style as per the University regulations, your work will be marked as superficial and it is unlikely to obtain a pass grade.

The following report structure is expected:

1. Legal & Ethical Considerations
2. Comparison Criteria
3. PenTest Methodology Comparison