Advantages of penetration testing

imagensecforcepost.png

Many times we are asked, what are the advantages of penetration testing? why should I conduct a penetration test in my business?

If you find yourself wondering whether or not you should conduct a penetration test, then you should try to answer these questions:

  1. Is my system secure?
  2. How do I know it is secure?
  3. What are the consequences if someone breaks into it?

We often hear people answering these questions saying "Yes, it is secure because it was designed with security in mind". However one can argue that penetration testing doesn’t test the design of your solution, but the real implementation of it.

We have found many good designs poorly implemented. Too many times the theory is too distant to the real thing.

You may also answer "I don’t know if it is secure or not, but I guess no one is going to attempt breaking into it". There are many different motivations for attacking a system and the only way of ensuring that the security of your system is not going to be compromised is by securing it.

The advantage of penetration testing is that it gives you very accurate information about the real security posture of your system.

Only if you answered “None” to the third question you should not consider investing your resources in a penetration test.

You may also be interested in...

imagensecforcepost.png
Oct. 7, 2008

WordPress SQL column truncation vulnerability

This vulnerability has been published some days ago where an attacker could create a duplicated “admin” user and recover the legitimate “admin” password.

See more
imagensecforcepost.png
Jan. 24, 2011

Penetration testing - Exploiting MS09-004 vulnerability via SQL injection using Metasploit

Example of penetration test exploiting SQL injection vulnerability using Metasploit

See more