Advantages of penetration testing


Many times we are asked, what are the advantages of penetration testing? why should I conduct a penetration test in my business?

If you find yourself wondering whether or not you should conduct a penetration test, then you should try to answer these questions:

  1. Is my system secure?
  2. How do I know it is secure?
  3. What are the consequences if someone breaks into it?

We often hear people answering these questions saying "Yes, it is secure because it was designed with security in mind". However one can argue that penetration testing doesn’t test the design of your solution, but the real implementation of it.

We have found many good designs poorly implemented. Too many times the theory is too distant to the real thing.

You may also answer "I don’t know if it is secure or not, but I guess no one is going to attempt breaking into it". There are many different motivations for attacking a system and the only way of ensuring that the security of your system is not going to be compromised is by securing it.

The advantage of penetration testing is that it gives you very accurate information about the real security posture of your system.

Only if you answered “None” to the third question you should not consider investing your resources in a penetration test.

You may also be interested in...

Post Image - Grandstream's HT801 Analog Telephone Adapter.png
Oct. 26, 2021

Exploiting Grandstream HT801 ATA (CVE-2021-37748, CVE-2021-37915)

This article describes two authenticated remote code execution vulnerabilities that we found during a time-bounded security assessment of Grandstream's HT801 Analog Telephone Adapter.

See more
Jan. 27, 2011

Penetration testing - SQL injection and Metasploit

Example of a penetration testing exploitation of a SQL injection vulnerability using Metasploit

See more