8 BUILDING ORGANISATIONAL CAPABILITY FOR PENETRATION TESTING

Ceri Charlton

This chapter discusses how organisations can go about developing the capacity to arrange to have penetration tests performed and the different ways in which this can be approached. In particular, it explores the relative strengths and weaknesses of performing this service with ‘in-house’ resources, using external resources or using a combination of both.

IN-HOUSE PENETRATION TESTING COMPARED WITH THIRD-PARTY PENETRATION TESTING

There are similarities and differences between ‘in-house’ and ‘third-party’ testing. In this section I elaborate on what exactly is meant by these terms.

‘In-house’ penetration testing is generally taken to mean that the penetration test has been ...

Get Penetration Testing: A guide for business and IT managers now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.