Pen testing report: IT budgets should focus on entire security stack
2023-02-28 19:05

With a focus on the security of web app firewalls, pen tests target application programming interfaces, servers and any leaky point of entry.

Security firm Pentera's second annual report on pen testing deployment in the U.S. and Europe found that 92% of organizations are lifting their overall IT security budgets.

Pen testing and IT security budgets are growing at a more significant rate in Europe than in the U.S., with 42% of respondents in Europe reporting a more than 10% increase in their pen testing budgets, compared with 17% of respondents in the U.S. By some estimates, the pen testing market will grow 24.3% through 2026, led by the major players in the sector: IBM, Rapid7, FireEye, Veracode and Broadcom.

Most CISOs share pen tests with IT ASAP. According to Pentera, 47% of chief information security officers polled said they immediately share results with their IT security team.

45% of those who already conduct pen testing, whether manual or automated, said the risk to business applications or network availability prevents them from increasing the frequency of tests; 56% of respondents who do not conduct pen testing at all expressed that sentiment, too.

"Red teaming and pen testing have some overlap, but to me, the key differentiator is the objective: A pen test usually is designed to enumerate and exploit technical weaknesses, whereas a red team exercise exploits physical and technical weaknesses to achieve some predefined objective. However, both are designed to highlight security flaws that likely need to be remediated immediately."


News URL

https://www.techrepublic.com/article/it-budgets-pen-testing-tech-stack/