Access your Pro+ Content below.
How to pen test: Why you need an internal security pen testing program
This article is part of the July/August 2012 issue of Information Security magazine
In today's complex security landscape, new threats are emerging on a regular basis, and we have more vulnerabilities than ever before. As part of a sound security program, most mature security teams have developed a vulnerability management program that includes network and application scanning, patching, and risk assessment. However, many organizations are now asking themselves if it's time to take these programs to the next level by adding penetration testing capabilities into the mix. For many reasons, ranging from compliance mandates to improved vulnerability and threat intelligence, the answer should be a resounding “yes.” Yet there’s often some confusion on how best to approach pen testing, what kinds of skills are needed, the tools to use, how often to do it, and what the process should look like in general. We’ll clarify best practices for security pen testing and explain how to build an internal testing program and measure its success. Why you need an internal pen testing team There are many reasons why organizations ...
Access this Pro+ Content for Free!
Features in this issue
Learn pen testing best practices and how to build an internal pen testing team.
New techniques are emerging to help organizations analyze security data and improve security defenses.
SharePoint has become ubiquitous in the enterprise, but organizations can overlook security. Learn SharePoint security best practices in this article.
Restricting user permissions, server hardening and dedicated service accounts are critical.
Experts say malware toolkit isn’t unique, but warn of cyberweapons falling into the wrong hands.
Columns in this issue
Mobile systems have a lot of moving parts, but securing them is as simple as practicing software security.
Government and private sector collaboration is critical to surviving in cybespace.
Breach at the professional networking site highlights password practices, storage procedures.