DTA's ethical hackers at work


By Dylan Bushell-Embling
Monday, 20 March, 2017


The Digital Transformation Agency (DTA) is taking a customised approach to security testing, operating a team of ethical hackers working within an agile environment.

In a blog post, DTA ethical hacker Stephen Bradshaw has detailed how the agency modified the standard practices used in security testing to better fit within an agile rather than waterfall environment.

Many traditional approaches to security testing are better suited to a waterfall environment, with its larger, less frequent releases, and typically involve conducting testing with every new release, Bradshaw said.

To adapt to the DTA’s agile environment of smaller, more frequent releases, the ethical hacking team considers a variety of factors before initiating a test, including a particular project milestone being hit, time passing between tests, significant changes being made to the project code or a request from a project team member.

While security testers are normally only available after development is complete, at the DTA developers and security testers work together to try to catch security issues early in the development process.

This collaboration also makes the reporting of vulnerabilities more efficient, and giving testers easy access to source code repositories provides opportunities for automated checks.

“Ethical Hackers in the DTA are generally not formally assigned to the projects they work on. This is in contrast to the way most other technical staff in the DTA work. They instead sit within their own ‘secops’ team and work with projects on an as-needed basis,” Bradshaw added.

“This requires balancing the schedules of the team, and of each project they support. The culture at the DTA facilitates this approach.”

Image courtesy of Blogtrepreneur under CC



  • All content Copyright © 2024 Westwick-Farrow Pty Ltd