8 BUILDING ORGANISATIONAL CAPABILITY FOR PENETRATION TESTING
This chapter discusses how organisations can go about developing the capacity to arrange to have penetration tests performed and the different ways in which this can be approached. In particular, it explores the relative strengths and weaknesses of performing this service with ‘in-house’ resources, using external resources or using a combination of both.
IN-HOUSE PENETRATION TESTING COMPARED WITH THIRD-PARTY PENETRATION TESTING
There are similarities and differences between ‘in-house’ and ‘third-party’ testing. In this section I elaborate on what exactly is meant by these terms.
‘In-house’ penetration testing is generally taken to mean that the penetration test has been ...