When should automated penetration testing be supplemented with manual pen testing?
Automated pen testing is a helpful tool, but if you aren't rounding it out with manual testing, you may be missing client-specific vulnerabilities.
Automated pen testing has become a very in-demand offering, but a full-service security firm must round it out with manual testing. In fact, most RFPs I've seen these days require some sort of manual effort; it's rare to find a client that can be wholly satisfied with a purely automated procedure without supplementing it with manual penetration testing.
Automated scanners are built from a variety of code -- both open source and custom -- and are often focused on a specific vulnerability, so you'll need to employ several tools to cover a wide range of threats. Every automated procedure needs manual verification for false alarms and manual scanning for client-specific vulnerabilities, and you'll need to update your tools to detect new threats as they develop.
Due diligence requires you to employ every resource you can to protect your customer, and this means both automated and manual testing.