In last week’s article, we covered the basics of what a penetration test is and why you should make penetration tests part of your regular security regimen. This week we will cover things to look out for when choosing your penetration test vendor.
Not all penetration test vendors are created equal; many service providers are more interested in selling a false sense of security than genuine protection. A high-quality penetration test must be conducted by a professional who is able to perform their own research, write their own code, understand how exploits work and, ideally, write their own exploits if the need arises.
Most penetration test teams lack first-hand experience with computer and network exploits and are reliant on third-party scanners and automated tools. While these tools can be a useful early detector of problems, they do not offer a comprehensive look at your system, network or overall security. These limited tests are sometimes referred to as “rubber stamp” penetration tests. Rubber stamp tests exist only to give the client a piece of paper with a “stamp” of success plastered across the top and an empty promise of security. When you choose your penetration test vendor, make sure to inquire about their methods and request proof of their research methods.