Ask the Expert

When should automated penetration testing be supplemented with manual pen testing?

I offer automated penetration testing to my customers. How and where should I supplement the automated pen testing with manual pen testing?

    Requires Free Membership to View

Automated pen testing has become a very in-demand offering, but a full-service security firm must round it out with manual testing. In fact, most RFPs I've seen these days require some sort of manual effort; it's rare to find a client that can be wholly satisfied with a purely automated procedure without supplementing it with manual penetration testing.

Automated scanners are built from a variety of code -- both open source and custom -- and are often focused on a specific vulnerability, so you'll need to employ several tools to cover a wide range of threats. Every automated procedure needs manual verification for false alarms, manual scanning for client-specific vulnerabilities, and you'll need to update your tools to detect new threats as they develop.

Due diligence requires you to employ every resource you can to protect your customer, and this means automatic and manual testing.

This was first published in February 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: