
Pen Test (Penetration Testing) 2


Purpose of penetration testing
The primary goal of a pen test is to identify weak spots in an organization's security posture, as well as measure the compliance of its security policy, test the staff's awareness of security issues and determine whether -- and how -- the organization would be subject to security disasters.

A penetration test can also highlight weaknesses in a company's security policies. For instance, although a security policy focuses on preventing and detecting an attack on an enterprise's systems, that policy may not include a process to expel a hacker.

The reports generated by a penetration test provide the feedback needed for an organization to prioritize the investments it plans to make in its security. These reports can also help application developers create more secure apps. If developers understand how hackers broke into the applications they helped develop, the intention is to motivate developers to enhance their education around security so they won't make the same or similar errors in the future.

How often you should perform penetration testing

Organizations should perform pen testing regularly -- ideally, once a year -- to ensure more consistent network security and IT management. In addition to conducting regulatory-mandated analysis and assessments, penetration tests may also be run whenever an organization:

adds new network infrastructure or applications;
makes significant upgrades or modifications to its applications or infrastructure;
establishes offices in new locations;
applies security patches; or
modifies end-user policies.

However, because penetration testing is not one-size-fits-all, when a company should engage in pen testing also depends on several other factors, including:

The size of the company. Companies with a larger presence online have more attack vectors and, therefore, are more attractive targets for hackers.

Penetration tests can be costly, so a company with a smaller budget might not be able to conduct them annually. An organization with a smaller budget might only be able to conduct a penetration test once every two years while a company with a larger budget can do penetration testing once a year.

Regulations and compliance. Organizations in certain industries are required by law to perform certain security tasks, including pen testing.

A company whose infrastructure is in the cloud might not be allowed to test the cloud provider's infrastructure. However, the provider may be conducting pen tests itself.

Penetration testing efforts should be tailored to the individual organization as well as the industry it operates in and should include follow-up and evaluation tasks so that the vulnerabilities found in the latest pen test are not reported in following tests.
