When should automated penetration testing be supplemented with manual pen testing?

Automated pen testing is a helpful tool, but if you aren't rounding it out with manual testing, you may be missing client-specific vulnerabilities.

I offer automated penetration testing to my customers. How and where should I supplement the automated pen testing with manual pen testing?

Automated pen testing has become a very in-demand offering, but a full-service security firm must round it out with manual testing. In fact, most RFPs I've seen these days require some sort of manual effort; it's rare to find a client that can be wholly satisfied with a purely automated procedure without supplementing it with manual penetration testing.

Automated scanners are built from a variety of code -- both open source and custom -- and are often focused on a specific vulnerability, so you'll need to employ several tools to cover a wide range of threats. Every automated procedure needs manual verification for false alarms and manual scanning for client-specific vulnerabilities, and you'll need to update your tools to detect new threats as they develop.

Due diligence requires you to employ every resource you can to protect your customer, and this means automatic and manual testing.
