By Paul Richards - Cyber Security Instructor and Lead Assessor at The Cyber Scheme
I was on-site, on an engagement, when I could hear my point-of-contact (POC) in the next room chatting to his colleague. His colleague said, “is the penetrator here?”. My POC said “yes, the penetrator is here.” I’ve always been somewhat conscious of some of the terms used in our industry and the move towards being a “Security Tester” as opposed to a penetration tester is a good one.
I’m very aware that as fast-moving Cyber Security is, the community doesn’t like change. When I was a “newbie” just learning my trade craft I was taught to use “ip a” because “ifconfig” was being depreciated. Many years on, we still have “ifconfig” because it still works, and people don’t like to change. While watching our assessments I can sometimes tell how long someone has been testing and which exams they have previously sat. I often smile because I see an “ifconfig” or an “-sP” nmap scan. I still see nmap with a “-g53” which I did on all my engagements for around 6 years before deciding it never reaped any rewards.
What are your thoughts on some of these language changes I have been playing with and experimenting with over the last few months during training Cyber Scheme training courses?
What are your thoughts on some of these language changes I have been playing with and experimenting with over the last few months during training Cyber Scheme training courses?
Penetration testing (pen testing) – Security testing (Credit to the UK Cyber Security Council)
Man-in-the-Middle (MITM) – Machine in the Middle (MITM) (Credit to Rob Marr – I was toying with Person-in-the-middle but Robs ideas allows the MITM acronym to live on.)
Whitelist – Allow list.
Blacklist – Block list.
White box testing – Full disclosure testing
Grey box testing – Partial disclosure testing
Black box testing – No disclosure testing
Master device – Primary device (credit to New York Times)
Slave device – Duplicate device (credit to New York Times)
Master database- Source database (credit to MySQL)
Slave database- Replica database (credit to MySQL)
I would be interested to know if any other Cyber Security terms are due for a more suitable term or replacement. Also do you still “-g53”?