How often does your company run Pen testing in relation to cybersecurity?

Smart companies have a multi-level pen testing strategy which they dynamically align with the business. Doing one end-to-end semi-automated fuzz test may work just fine for a stable application with a low volume of architectural/technology changes, provided that it is being scanned for vulnerabilities regularly and minor releases are accompanied by automated pen tests (say, via Burp Suite) which are an integral part of regression testing. The same strategy could fail horribly in the early stages of development, when major architectural changes are introduced shortly after the test, etc. Having a managed bug bounty program should be considered too, and the outcomes of this program should be used to refine the pen test plan.

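The answer above proposes wiring automated pen tests (for example Burp Suite) into regression testing for minor releases. The script below is an added example of what that gate looks like in practice; it is not code from the original post or from any commenter, and it is not PortSwigger's. It assumes a Burp Suite Professional instance with the REST API enabled, reachable at a base URL such as `http://127.0.0.1:1337`, and it assumes the request/response shape of that API (the `/v0.1/scan` endpoint, the `Location` header carrying the task id, the `scan_status` values and the `issue_events` / `issue` field names); check those against the API documentation Burp serves on its configured endpoint before relying on them. The `SAMPLE_TASK` document is constructed test data, not real scanner output. The security-relevant design points are that the gate fails closed when the scan did not finish, de-duplicates repeated events for the same finding, and blocks only on findings that meet both a severity and a confidence threshold so tentative noise does not stall every release:

```python
"""Release gate: block a regression run on the result of an automated Burp scan.

Assumed workflow, modelled on the Burp Suite Professional REST API (verify locally):
  1. POST {api_base}/v0.1/scan with the target URLs  -> 201, Location: .../<task_id>
  2. poll GET {api_base}/v0.1/scan/<task_id> until scan_status is terminal
  3. fail the build if any finding at/above the thresholds was reported,
     and fail closed if the scan itself did not succeed.
"""
import json
import time
import urllib.request

SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3}
CONFIDENCE_RANK = {"tentative": 0, "firm": 1, "certain": 2}
TERMINAL_STATUSES = {"succeeded", "failed"}  # assumed terminal scan_status values


def start_scan(api_base, target_urls, config_name="Crawl and Audit - Fast"):
    """Start a crawl-and-audit task; returns the task id taken from the Location header."""
    body = json.dumps({
        "urls": list(target_urls),
        "scan_configurations": [{"type": "NamedConfiguration", "name": config_name}],
    }).encode()
    req = urllib.request.Request(f"{api_base}/v0.1/scan", data=body, method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        if resp.status != 201:
            raise RuntimeError(f"unexpected HTTP status {resp.status} when starting scan")
        return resp.headers["Location"].rstrip("/").rsplit("/", 1)[-1]


def get_scan(api_base, task_id):
    """Fetch the current task document (status plus the issue events seen so far)."""
    with urllib.request.urlopen(f"{api_base}/v0.1/scan/{task_id}", timeout=30) as resp:
        return json.load(resp)


def wait_for_scan(api_base, task_id, poll_seconds=15, timeout_seconds=3600):
    """Poll until the task is terminal or the deadline passes.
    On timeout the last document is returned unchanged, so gate() fails closed."""
    deadline = time.monotonic() + timeout_seconds
    task = get_scan(api_base, task_id)
    while task.get("scan_status") not in TERMINAL_STATUSES and time.monotonic() < deadline:
        time.sleep(poll_seconds)
        task = get_scan(api_base, task_id)
    return task


def blocking_issues(task, min_severity="medium", min_confidence="firm"):
    """Findings at or above both thresholds, de-duplicated on (type_index, path).
    Unknown severity/confidence labels rank highest so a schema change blocks
    the release instead of being silently ignored."""
    seen, out = set(), []
    for event in task.get("issue_events", []):
        if event.get("type") != "issue_found":
            continue
        issue = event["issue"]
        key = (issue.get("type_index"), issue.get("path"))
        if key in seen:
            continue
        seen.add(key)
        sev_ok = SEVERITY_RANK.get(issue.get("severity"), 99) >= SEVERITY_RANK[min_severity]
        conf_ok = CONFIDENCE_RANK.get(issue.get("confidence"), 99) >= CONFIDENCE_RANK[min_confidence]
        if sev_ok and conf_ok:
            out.append(issue)
    return out


def gate(task, min_severity="medium", min_confidence="firm"):
    """Return (passed, reasons). Anything other than a completed scan fails closed."""
    status = task.get("scan_status")
    if status != "succeeded":
        return False, [f"scan did not complete (scan_status={status!r}); failing closed"]
    reasons = [f"{i['severity']}/{i['confidence']}: {i['name']} at {i.get('origin', '')}{i.get('path', '')}"
               for i in blocking_issues(task, min_severity, min_confidence)]
    return not reasons, reasons


def run_release_gate(api_base, target_urls, **thresholds):
    """End-to-end use against a live Burp instance (network; not exercised offline)."""
    task_id = start_scan(api_base, target_urls)
    return gate(wait_for_scan(api_base, task_id), **thresholds)


# Constructed sample of a finished task document (not real scanner output).
# Events 1 and 2 are the same finding reported twice; 4 is a tentative hit.
SAMPLE_TASK = {
    "task_id": "7",
    "scan_status": "succeeded",
    "issue_events": [
        {"type": "issue_found", "id": 1, "issue": {"name": "Cross-site scripting (reflected)", "type_index": 2097920,
         "severity": "high", "confidence": "certain", "origin": "https://app.example.test", "path": "/search"}},
        {"type": "issue_found", "id": 2, "issue": {"name": "Cross-site scripting (reflected)", "type_index": 2097920,
         "severity": "high", "confidence": "certain", "origin": "https://app.example.test", "path": "/search"}},
        {"type": "issue_found", "id": 3, "issue": {"name": "Strict transport security not enforced", "type_index": 16777984,
         "severity": "low", "confidence": "certain", "origin": "https://app.example.test", "path": "/"}},
        {"type": "issue_found", "id": 4, "issue": {"name": "SQL injection", "type_index": 1049088,
         "severity": "high", "confidence": "tentative", "origin": "https://app.example.test", "path": "/items"}},
    ],
}

if __name__ == "__main__":
    import sys
    passed, reasons = gate(SAMPLE_TASK)
    print("PASS" if passed else "FAIL")
    for reason in reasons:
        print(" -", reason)
    sys.exit(0 if passed else 1)
```

In a pipeline the call would be `run_release_gate("http://127.0.0.1:1337", ["https://staging.example.test"])` with the process exit code wired into the regression job; the thresholds are the knobs to tune per application, and anything the gate blocks on is exactly the kind of outcome the answer suggests feeding back into the wider pen test plan.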
Anonymous Author
We are moving toward continuous monitoring, 24x7x365, on crown jewels.
0 upvotes