Once is never enough: The need for continuous penetration testing
2022-06-14 08:32

If you Google "How often should I do penetration testing?", the first answer that pops up is "Once a year." Indeed, even industry-leading standards like PCI-DSS dictate that external penetration testing be conducted annually and that internal penetration testing also take place annually, with segmentation testing occurring every six months.

Gartner calls these threats "High momentum threats" and recommends that organizations at risk adopt a more streamlined approach to cybersecurity - including pen testing.

A taxi driver will always beat Google Maps, and a trained pen testing professional will find vulnerabilities and attacks that automated tests may miss, or identify responses that appear legitimate to automated software but are actually a threat.

For all these reasons, pen testing stakeholders are increasingly turning to automation, with the aim of achieving continuous security validation.

Traditional pen testing methodologies - both manual and automated - deliver a snapshot of your network or application security posture.

To combat this, organizations are moving to a continuous penetration testing model.


News URL

https://www.helpnetsecurity.com/2022/06/14/need-for-continuous-penetration-testing/