<div class="csl-bib-body">
<div class="csl-entry">Happe, A., & Cito, J. (2023). Understanding Hackers’ Work: An Empirical Study of Offensive Security Practitioners. In <i>ESEC/FSE 2023: Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering</i> (pp. 1669–1680). Association for Computing Machinery. https://doi.org/10.1145/3611643.3613900</div>
</div>
-
dc.identifier.uri
http://hdl.handle.net/20.500.12708/192203
-
dc.description.abstract
Offensive security-tests are commonly employed to pro-actively discover potential vulnerabilities. They are performed by specialists, also known as penetration-testers or white-hat hackers. The chronic lack of available white-hat hackers prevents sufficient security test coverage of software. Research into automation tries to alleviate this problem by improving the efficiency of security testing. To achieve this, researchers and tool builders need a solid understanding of how hackers work, their assumptions, and pain points.
In this paper, we present a first data-driven exploratory qualitative study of twelve security professionals, their work and problems occurring therein. We perform a thematic analysis to gain insights into the execution of security assignments, hackers' thought processes and encountered challenges. This analysis allows us to conclude with recommendations for researchers and tool builders, to increase the efficiency of their automation and identify novel areas for research.
en
dc.language.iso
en
-
dc.subject
Penetration-Testing
en
dc.subject
Hacking
en
dc.subject
Usability in Privacy and Security
en
dc.subject
Empirical Study
en
dc.title
Understanding Hackers’ Work: An Empirical Study of Offensive Security Practitioners
en
dc.type
Inproceedings
en
dc.type
Konferenzbeitrag
de
dc.contributor.affiliation
TU Wien, Österreich
-
dc.relation.isbn
9798400703270
-
dc.description.startpage
1669
-
dc.description.endpage
1680
-
dc.type.category
Full-Paper Contribution
-
tuw.booktitle
ESEC/FSE 2023: Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering
-
tuw.peerreviewed
true
-
tuw.relation.publisher
Association for Computing Machinery
-
tuw.relation.publisherplace
New York
-
tuw.researchTopic.id
X1
-
tuw.researchTopic.name
Beyond TUW-research foci
-
tuw.researchTopic.value
100
-
tuw.publication.orgunit
E194-01 - Forschungsbereich Software Engineering
-
tuw.publisher.doi
10.1145/3611643.3613900
-
dc.description.numberOfPages
12
-
tuw.author.orcid
0009-0000-2484-0109
-
tuw.event.name
ESEC/FSE'23 : 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering
en
tuw.event.startdate
03-12-2023
-
tuw.event.enddate
09-12-2023
-
tuw.event.online
On Site
-
tuw.event.type
Event for scientific audience
-
tuw.event.place
San Francisco
-
tuw.event.country
US
-
tuw.event.institution
ACM
-
tuw.event.presenter
Happe, Andreas
-
tuw.event.track
Multi Track
-
wb.sciencebranch
Informatik
-
wb.sciencebranch.oefos
1020
-
wb.sciencebranch.value
100
-
item.languageiso639-1
en
-
item.openairetype
conference paper
-
item.grantfulltext
none
-
item.fulltext
no Fulltext
-
item.cerifentitytype
Publications
-
item.openairecristype
http://purl.org/coar/resource_type/c_5794
-
crisitem.author.dept
TU Wien
-
crisitem.author.dept
E194-01 - Forschungsbereich Software Engineering
-
crisitem.author.orcid
0009-0000-2484-0109
-
crisitem.author.parentorg
E194 - Institut für Information Systems Engineering
