By: Jennia Hizver, Consulting Practice Security Researcher and Consultant, AT&T

INTRO: Penetration tests are valuable for several reasons:

  • Determining feasibility of a particular set of attack vectors
  • Identifying higher-risk vulnerabilities resulting from a combination of lower-risk vulnerabilities exploited in a particular sequence
  • Identifying vulnerabilities that are difficult or impossible to detect with automated network or application vulnerability scanning software
  • Assessing magnitude of business and operational impacts of successful attacks
  • Testing ability of network defenders to successfully detect and respond to attacks
  • Providing evidence to support increased investments in security 

Over the years of my career as a penetration tester, I have encountered many myths and misconceptions regarding penetration testing, some of which I’d like to share with you:

Myth #1: Vulnerability scanning can identify all vulnerabilities in an organization’s environment, and hence, penetration tests are unnecessary.

Myth #2: Professional penetration testers use expensive commercial tools.

Myth #3: One system compromise has no effect on other systems.

Myth #4: Penetration testing focuses on production networks containing sensitive data.

Myth #5: Penetration testers use the same approach and are likely to uncover the same issues.


Key insights

  1. Penetration testing helps companies identify weaknesses in their IT environment.
  2. In spite of many myths, penetration testing provides valuable insight.