When should automated penetration testing be supplemented with manual pen testing?

Automated pen testing is a helpful tool, but if you aren't rounding it out with manual testing, you may be missing client-specific vulnerabilities.

Russell Dean Vines

Published: 21 Feb 2007

I offer automated penetration testing to my customers. How and where should I supplement the automated pen testing with manual pen testing?

Automated pen testing has become a very in-demand offering, but a full-service security firm must round it out with manual testing. In fact, most RFPs I've seen these days require some sort of manual effort; it's rare to find a client that can be wholly satisfied with a purely automated procedure without supplementing it with manual penetration testing.

Automated scanners are built from a variety of code -- both open source and custom -- and are often focused on a specific vulnerability, so you'll need to employ several tools to cover a wide range of threats. Every automated procedure needs manual verification for false alarms, manual scanning for client-specific vulnerabilities, and you'll need to update your tools to detect new threats as they develop.

Due diligence requires you to employ every resource you can to protect your customer, and this means automatic and manual testing.

Dig Deeper on Cybersecurity risk assessment and management

All
News
Get Started
Evaluate
Manage
Problem Solve

Related Q&A from Russell Dean Vines

Security for mobile broadband

While some SMBs are not securing their mobile broadband, there is good reason to do so, even if a customer has only a small amount of data to protect. Continue Reading

Understanding smurf attacks

A smurf attack can slow down a network to the point of shutting it down completely. Learn how to understand a full-scale smurf attack and how to ... Continue Reading

What are the network security risks of streaming video?

Streaming video and audio sites are frequently visited on both home computers and work computers. Learn about streaming video security risks and what... Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our IT Channel experts

View all IT Channel questions and answers

MicroscopeUK

Ethos Technology adds DataCore to the portfolio

Distributor continues to expand its vendor roster adding storage player to the mix

Schneider Electric: Healthcare, manufacturing and education leading edge spend

Power management specialist works with Canalys to survey resellers around the opportunities and challenges customers are facing ...

Fresh image and roadmap “breathe new life” into Commvault

Commvault unveils new look and product strategy under CEO Sanjay Mirchandani

SearchSecurity

Exposed Docker hosts open the door for cryptojacking

Security researchers discovered a new Docker worm that has been targeting exposed hosts in order to spread cryptojacking malware ...

Essential instruments for a pen test toolkit

Does your penetration testing toolkit have the proper contents? Learn the must-have tool for any pen tester, as well as specific ...

Imperva breach update puts blame on exposed AWS API keys

Imperva CTO Kunal Anand posted updated information regarding the recent breach affecting Cloud WAF customers and admitted poor ...

SearchStorage

MAMR tech fuels mammoth 20 TB hard drives

Age-old hard disk drives get a new twist as energy-assisted technologies fuel Western Digital's upcoming new 20 TB HDDs and ...

Cloud repatriation from the storage experts' point of view

Four industry experts discuss whether enterprises are really bringing data back from the public cloud, what's driving this trend ...

New Violin Systems CEO talks up ambitious storage roadmap

New Violin CEO talks up plans for newly architected, NVMe-based flash array that will focus on enterprise software capabilities ...

SearchNetworking

Transform network management with a network automation strategy

Enterprises can employ a network automation strategy to provide some stability for network management and monitoring. Automation,...

Network automation skills and training in demand, research finds

Surprisingly, scripting, programming and software development are not exactly the top network automation skills desired by ...

Gluware network automation update addresses OS changes

Gluware adds to its network automation platform easier management of changes to device configurations and operating systems.

SearchCloudComputing

6 long-term plans to add to cloud cost optimization strategies

Short-term cost management tools are one way to improve cost efficiencies in the cloud, but to stay on track, you also need ...

IaaS vs. PaaS options on AWS, Azure and Google Cloud Platform

Looking to shift your workloads to the cloud? Understand and compare the IaaS and PaaS options on AWS, Azure and Google Cloud ...

SearchDataManagement

Apache Rya matures open source triple store database

Open source triple store database technology used by the U.S. Navy moves forward as a stable, mature project at the Apache ...

PostgreSQL 12 boosts open source database performance

Widely used open source PostgreSQL database platform gets a major update providing users with new SQL query capabilities for JSON...

Data integration vs. ETL in the age of big data

Data integration provides a consistent view of business performance across multiple data sources, though it needs to keep up with...

SearchBusinessAnalytics

SAS analytics platform aided by $1 billion AI investment

The SAS suite of business intelligence products is quickly seeing results from the vendor's $1 billion commitment to AI seven ...

ThoughtSpot BI platform an early adopter of AI

Due to AI, ThoughtSpot's analytics tools have been accessible to citizen data scientists from the start, Andrew Yeung, the ...

ThoughtSpot 6 advances AI power of BI platform

New augmented intelligence and machine learning tools, along with a new mobile app, highlight the release of the new update to ...

Dig Deeper on Cybersecurity risk assessment and management

Related Q&A from Russell Dean Vines

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.