Pros and Cons of Penetration Testing - CYBRI

Pros and Cons of Penetration Testing


By Paul Kubler

Penetration testing has many benefits for a cybersecurity program. This is the reason many standards recommend it, and compliance bodies require it. However, that does not mean there aren’t problems with pen testing. 

Penetration testing can be dangerous if not done correctly or by a reputable firm. There are concerns for the organization’s safety that must be accounted for.

What are the benefits of penetration testing?

Penetration testing has many benefits, including finding vulnerabilities and detecting weaknesses in the environment. It can help improve the cyber protections in place and test their resiliency. Pen testing is also required as part of many compliance standards or by customers that want to ensure their data is safe.

Penetration testing gives you the ability to look into your organization’s security from the perspective of an attacker.

This will help to reveal vulnerabilities that are not obvious from the defender’s view. It also can eliminate biases in security by showing what the environment can really withstand.

What are the possible negative implications of penetration testing?

Pen testing is a very valuable part of any security program, but there are negative implications that must be considered. Be sure to do due diligence on any firm or individual getting access to your environment. In addition, loop in the legal team to review the contract and ensure you are covered for liability.

Some things to consider are:

  • Where is the firm located? Do they understand the laws of your state/country?
  • Do the testers receive background checks?
  • Where are the testers located? Being in the same country can help ensure protection legally.
  • What are the testers’ credentials? Do they understand the technology?
  • Is there an NDA in place? Almost all pen tests will require or yield sensitive data.
  • Is there a plan of action in an emergency, and who are the points of contact?
  • Are you prepared to leverage the findings? Knowing about critical vulnerabilities and not fixing them may be considered negligence, so be sure not to test during busy periods.
  • Is the internal team ready to handle anything that may arise? An accidental outage can be harmful if the team is not prepared.
  • Is the scope adequately considered? Is the testing at the right time? Avoid times such as database backups and new development releases, and avoid testing critical infrastructure that cannot go down during business hours.

Given all of the above, it is essential to consider the negative impacts that may occur when using non-reputable firms or testers, an internal team that isn’t ready, or a poorly scoped project. These may lead to more damage than benefits.

Is penetration testing safe?

Generally, penetration testing is a safe practice when done properly. 99 times out of 100, there are no issues that arise if the scope is appropriately set up and testers are informed of any concerns. Be sure to look for really old infrastructure or critical IoT devices that may not handle modern testing. These should receive a separate test.

Pen testing should avoid Denial of Service (DoS) attacks unless agreed upon in advance, though we recommend that it be an entirely separate test.
