You'll get the best results when you’re clear on what you want to accomplish from a pen test.
Here's what you don't want from a pen test: A 600-page report packed with detail that overwhelms everyone in your organization.
Andrew Hay, chief operating officer at Lares, a security consultancy, says he has too often seen pen testers overload their customers with so much information that the customers don't wind up doing anything with the results.
"Too often people receive that 600-page report and it looks like a vulnerability scan; they don't know what to do with it," says Quentin Rhoads, director of professional services at Critical Start.
Hay and Rhoads say the best pen tests are targeted. So start with a scoping interview where you identify what you want to get out of the pen test. If you don't get pen tests every year, it's unrealistic to think you'll be able to fix everything in your network from just one test.
Here are seven tips that Hay, Rhoads, and Rapid7’s Tod Beardsley offer up to companies looking to get their money's worth out of a penetration test.