What differentiates a pentest from other tests?

Paul Asadoorian summed this up nicely in episode 373 of the Security Weekly podcast.

A good pentest not only answers the question “can my controls be breached?” but also the following questions:

  • How can I be breached?
  • How much damage to my business can a breach do?
  • Where am I most likely to be breached given my current defenses?
  • What can an attacker do once they have breached one system?
  • Do I have the capability to detect a breach?
  • How long will it take me to detect the breach?
  • How well will people in my organization react to a breach or someone trying to breach one of my systems?

I just wanted to take down those questions for you and me, because they might come in handy when arguing once again over what a good or bad pentest is.

© 2021 Dissecting The Hack. Created by Marcus J. Carey.