Penetration tests have long been known as a critical security tool that exposes security weaknesses through simulated attacks on an organization's IT environments. These test results can help prioritize weaknesses, providing a roadmap towards remediation.
However, the results are also capable of doing even more. They identify and quantify security risk, and can be used as a keystone in cybersecurity policies. The same can be said about broader penetration testing practices.
Organizations gain real value from learning about others' penetration testing experiences, trends, and the role they play in today's threat landscape.
The world of pen testing can be an interesting balance of open collaboration and closely guarded privacy. While pen testers may engage in teaming exercises, or happily talk technique when they attend Black Hat, most organizations are extremely reluctant when it comes to discussing their pen testing practices and results.
Of course, confidentiality and security should be kept top of mind—sharing anything that puts data at risk defeats the point of pen testing to begin with.
Further, publicizing security weaknesses does not help maintain confidence in an organization's ability to keep their customers' information safe. However, there is still valuable data that can be shared without divulging sensitive information.
For example, information about average pen testing team sizes and testing frequency can help an organization determine if they need additional resources. Learning about the different types of tests being performed could help an organization determine its testing priorities.
Data about how organizations are using pen testing tools may help developers decide what new functionalities are needed. This type of information would help penetration testing professionals and organizations develop a better idea of today's expectations, practices, and challenges at a broader level, so they can continue to improve and innovate the field.
With this in mind, Core Security is launching the 2020 Penetration Testing Survey. Core Security, a HelpSystems Company, has seen and been a part of the evolution of penetration testing over the years and is dedicated to its continued advancement and growth.
If you are involved in pen testing in your organization, we want to hear from you. By participating, you will be joining a community of like-minded cybersecurity experts in discussing the effectiveness of ethical hacking programs and the resources required to deploy them.
Want to take part in this anonymous survey that will provide foundational research findings on pen testing? Take the survey.