PART III: ADOPTING A STRUCTURED APPROACH TO PENETRATION TESTING

Overview

When performing penetration tests, some organisations adopt an ad hoc or piecemeal approach, often depending on the needs of a particular region, business unit – or the IT department. Whilst this can meet some specific requirements, this approach is unlikely to provide real assurance about the security condition of your systems enterprise-wide.

Consequently, it is often more effective to adopt a more systematic, structured approach to penetration testing, ensuring that:

  • Business requirements are met.
  • Major system vulnerabilities are identified and addressed.
  • Risks are kept within business parameters.

Some organisations establish a formal penetration testing programme ...

Get Penetration Testing Services Procurement Guide now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.