Posted on 2020-01-29 by Alexei Doudkine in Business Security
Nothing grinds my gears more than seeing companies flog cheap, crappy scans as penetration tests. It insults penetration testers like myself, but worse than that, it exploits the unsuspecting clients that genuinely want to improve their security.
When a company realises that it needs a penetration test, the task of arranging one is usually delegated to one person, who is almost never a penetration tester themselves. They may have had some experience in the past with selecting a company to perform penetration testing, and the outcomes may or may not have been satisfactory. A lot of uncertainty in that last sentence, isn’t there?
The fact of the matter is, penetration testing can be a bit of a mystery and it can be extremely hard to know if the one you chose will be good or not. It’s like when you go to the mechanic to service your car. You drive your car in, leave it for a day, pick it up and drive it out. The car feels exactly the same. Did the mechanic do anything, or did you just pay for some very expensive parking?