Advantages of penetration testing

imagensecforcepost.png

Many times we are asked, what are the advantages of penetration testing? why should I conduct a penetration test in my business?

If you find yourself wondering whether or not you should conduct a penetration test, then you should try to answer these questions:

  1. Is my system secure?
  2. How do I know it is secure?
  3. What are the consequences if someone breaks into it?

We often hear people answering these questions saying "Yes, it is secure because it was designed with security in mind". However one can argue that penetration testing doesn’t test the design of your solution, but the real implementation of it.

We have found many good designs poorly implemented. Too many times the theory is too distant to the real thing.

You may also answer "I don’t know if it is secure or not, but I guess no one is going to attempt breaking into it". There are many different motivations for attacking a system and the only way of ensuring that the security of your system is not going to be compromised is by securing it.

The advantage of penetration testing is that it gives you very accurate information about the real security posture of your system.

Only if you answered “None” to the third question you should not consider investing your resources in a penetration test.

You may also be interested in...

imagensecforcepost.png
Dec. 14, 2012

Is traditional penetration testing effective at identifying risk?

The challenge for many board members is how to ascertain the validity of what they are being told in relation to the health of their defences. What unknown risks are being carried? There is a high risk of false assurance from internal departments reporting up the chain.

See more
The-devil-is-in-the-details.png
Jan. 11, 2021

The devil is in the details

This is a post about how going the extra mile in creating a phishing campaign is very likely to pay dividends.

See more