Understanding Hackers' Work: An Empirical Study of Offensive Security Practitioners


Abstract

Offensive security tests are commonly employed to proactively discover potential vulnerabilities. They are performed by specialists, also known as penetration testers or white-hat hackers. The chronic lack of available white-hat hackers prevents sufficient security test coverage of software. Research into automation tries to alleviate this problem by improving the efficiency of security testing. To achieve this, researchers and tool builders need a solid understanding of how hackers work, their assumptions, and their pain points. In this paper, we present a first data-driven, exploratory qualitative study of twelve security professionals, their work, and the problems occurring therein. We perform a thematic analysis to gain insights into the execution of security assignments, hackers' thought processes, and the challenges they encounter. This analysis allows us to conclude with recommendations for researchers and tool builders to increase the efficiency of their automation and to identify novel areas for research.

Citation (APA)

Happe, A., & Cito, J. (2023). Understanding Hackers’ Work: An Empirical Study of Offensive Security Practitioners. In ESEC/FSE 2023 - Proceedings of the 31st ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering (pp. 1669–1680). Association for Computing Machinery, Inc. https://doi.org/10.1145/3611643.3613900
