Towards Islamic Ethics in Professional Penetration Testing

The high rate of technological advances in the field of computing has resulted in a rapid increase in the occurrence of new loopholes in systems. To ensure the security of their computing systems, big companies resort to using penetration testing as a solution, whereby an external company is hired to evaluate the security of the computer system or network in question. At various stages in the penetration testing process, the professionals who are hired have access to vital technical information about many companies. It is important for the professionals to appreciate the ethics involved in their work because failure to secure – or misuse of –the information may result in acute leaks of critical data. Many Muslim professionals are involved in many stages of the penetration testing process, and it is crucial for them to be aware not only of the preeminent position given to ethics and ethical conduct in Islam, but also of what they must do to maintain their ethical integrity. This paper highlights the ethical issues inherent in penetration testing operations, discusses their practical implications for Muslim professionals, and sets out the key ethical steps that need to be taken. It also offers a solution based on an Islamic framework of ethical principles and values derived from the Holy Qur’an and the Sunnah.