Many times we are asked, what are the advantages of penetration testing? why should I conduct a penetration test in my business?
If you find yourself wondering whether or not you should conduct a penetration test, then you should try to answer these questions:
- Is my system secure?
- How do I know it is secure?
- What are the consequences if someone breaks into it?
We often hear people answering these questions saying "Yes, it is secure because it was designed with security in mind". However one can argue that penetration testing doesn’t test the design of your solution, but the real implementation of it.
We have found many good designs poorly implemented. Too many times the theory is too distant to the real thing.
You may also answer "I don’t know if it is secure or not, but I guess no one is going to attempt breaking into it". There are many different motivations for attacking a system and the only way of ensuring that the security of your system is not going to be compromised is by securing it.
The advantage of penetration testing is that it gives you very accurate information about the real security posture of your system.
Only if you answered “None” to the third question you should not consider investing your resources in a penetration test.