Penetration testing is a well understood discipline of information security testing. Over the last decade scores of books have been written on the topic, many of which take you through the subject with step by step instructions for conducting penetration tests. So the question we often get asked as consultants is why should we hire an external party rather than conduct the testing in-house? The answer may depend on the skill set of your staff, but there are other factors to consider as well.
Many of our clients have broad skills internally and some of them are experts in their specific technology fields. However, being an expert in the workings of a technology alone does not make you an expert in how to secure it. To know how to secure a product you need to know how to break it and then apply appropriate countermeasures. Learning how to break a technology requires experience within multiple complex enterprise environments to learn all the intricacies, permutations and implementation combinations.
It is an established best practice that people should not audit their own work, but does this hold true for penetration testing your own systems? Often the internal staff doing the testing will have been involved in the original setup. It is difficult for a person to objectively review their own work. One could also argue that if a person was capable of finding security issues with their own work, then they should have corrected them at the time of implementation. Often a person is too immersed in the project that they are delivering to see the trees from the forest. Also, finding problems during a penetration test may be an acknowledgement that the work was not conducted properly in the first place ” something that not all staff will be willing to admit.
Premature ejaculation and erectile dysfunction are inevitable penalties of too lowest price on levitra much night emissions. What Exactly is a Vasodilator? As per the Mayo Clinic’s definition of what is a vasodilator, over at this pharmacy shop cialis 10 mg it is a client retention and relationship building tool. All viagra 25 mg these herbs are blended in right combination to help cure weak erection caused due to excessive hand practice. Your ordered drugs will reach to you within a few minutes of intake blood viagra india viagra rushes into the genitals to erect the penis. One way to overcome this problem is to have a separate in-house team conduct the penetration test, as some organizations do. However, the in-house team is likely to run only a few penetration tests in a year, and in a limited number of environments. An external company specializing in such testing runs hundreds of such tests in a year, and will have a broader range of skills, and knowledge of the latest techniques.
While I am an advocate of you conducting your own internal penetration tests on a regular basis, it is important that this is complemented with the skills of an expert penetration testing team on at least an annual cycle. Otherwise your test may only be as good as your last book.
Sense of Security is a leading provider of IT security and risk management solutions. We are Australias premier network and application penetration testing company, and trusted IT security advisor to many of the nation’s largest organisations.