Chapter 13
Retesting
IN THIS CHAPTER
- Examining why a retest is a good thing
- Testing and retesting … and testing and retesting: The reiterative process
- Knowing when to retest
- Using the report and risk register to choose what to retest
- Doing the retest
After you’ve conducted a pen test, written your report, and made your recommendations, the next step is to make sure all that work was done correctly, for the sake of an increased security posture. In other words, it’s time to retest.
There are important reasons to retest:
- Ensure the original pen test findings no longer pose a threat. If they still do and you decide to monitor them instead, you can review for any other weaknesses that may have been created between the original test and the retest.
- Test the fixes. This includes what goes into production, the configurations made to fix things, and the services added (or removed). You also want to make sure configuration changes don’t expose other issues.
- Scan any software that was updated. ...