{"id":300697,"date":"2021-07-16T15:00:57","date_gmt":"2021-07-16T12:00:57","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/penetration-testing-has-more-benefits-than-you-think-cloudsavvy-it\/"},"modified":"2021-07-16T15:00:57","modified_gmt":"2021-07-16T12:00:57","slug":"penetration-testing-has-more-benefits-than-you-think-cloudsavvy-it","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/penetration-testing-has-more-benefits-than-you-think-cloudsavvy-it\/","title":{"rendered":"#Penetration Testing Has More Benefits Than You Think \u2013 CloudSavvy IT"},"content":{"rendered":"<p><strong>&#8220;#Penetration Testing Has More Benefits Than You Think \u2013 CloudSavvy IT&#8221;<\/strong><\/p>\n<div id=\"article-content-area\">\n<figure style=\"width: 1200px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage wp-image-12688 size-full\" srcset=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/07\/2f6d004b.jpg?width=398&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 400w, https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/07\/2f6d004b.jpg?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 1200w\" sizes=\"auto, 400w, 1200w\" src=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/07\/2f6d004b.jpg?width=398&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"finger pointing at virtual screen\" width=\"1200\" height=\"675\" 
data-crediturl=\"https:\/\/www.shutterstock.com\/image-photo\/cyber-security-information-privacy-data-protection-1208863036\" data-credittext=\"Wright Studio\/Shutterstock.com\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"type:primaryImage imagecredit\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.shutterstock.com\/image-photo\/cyber-security-information-privacy-data-protection-1208863036\">Wright Studio\/Shutterstock.com<\/a><\/span><\/figcaption><\/figure>\n<p>Penetration testing measures the effectiveness of your cybersecurity defensive measures. And remember, their effectiveness changes over time, so repeat as necessary.\u00a0There\u2019s nothing fit and forget in the world of cybersecurity.<\/p>\n<h2 id=\"the-vulnerability-go-round\"><span class=\"ez-toc-section\" id=\"The_Vulnerability-Go-Round\"><\/span>The Vulnerability-Go-Round<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>All non-trivial software has bugs. And there\u2019s software everywhere you look on your network, so the sad truth is, your network is full of bugs. Not all of those bugs will result in a vulnerability, but some will. And if just one of those vulnerabilities is exploited by threat actors, your network is compromised.<\/p>\n<p>Operating systems, software applications, and device firmware are all forms of software. It\u2019s obvious that servers and network endpoints will run operating systems and applications. The items that are often overlooked are other network appliances such as firewalls, routers, wireless access points, and switches. 
These all contain firmware at least, and often, an embedded operating system, too. Other devices, such as Internet-of-Things devices, and other smart devices also have firmware, an embedded operating system, and some application code in them.<\/p>\n<p>As vulnerabilities are discovered, responsible providers release security patches. These contain bug fixes for the known bugs, which close off the\u00a0<em>known<\/em>\u00a0vulnerabilities. But that won\u2019t\u2014without a stroke of very good luck\u2014do anything to rectify any\u00a0<em>unknown<\/em>\u00a0vulnerabilities.<\/p>\n<p>Suppose that a piece of software has three vulnerabilities. Two of them are discovered and a security patch is released to address them. The third vulnerability, as yet undiscovered, is still in the software. Sooner or later, that vulnerability will be discovered. If it\u2019s discovered by cybercriminals, they can exploit that vulnerability in all systems running that version of the software until a patch is released by the manufacturer\u00a0<em>and<\/em>\u00a0the end-users apply that patch.<\/p>\n<p>Ironically, new vulnerabilities can be introduced by patches, updates, and upgrades. And not all vulnerabilities are due to bugs. Some are due to terrible design decisions, such as the IoT Wi-Fi-enabled CCTV cameras that didn\u2019t permit users to change the admin password. So it\u2019s impossible to say that your systems are free from vulnerabilities. But that doesn\u2019t mean that you shouldn\u2019t do what you can to make sure that they\u2019re free from known vulnerabilities.<\/p>\n<h2 id=\"penetration-testing-and-vulnerability-testing\"><span class=\"ez-toc-section\" id=\"Penetration_Testing_and_Vulnerability_Testing\"><\/span>Penetration Testing and Vulnerability Testing<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>A penetration test is actually a large suite of tests designed to evaluate the security of your externally facing IT assets. 
Specialist software is used to methodically identify any exploitable vulnerabilities. It does this by performing numerous benign attacks on your defenses. A test run can include hundreds of different scheduled tests.<\/p>\n<p>Vulnerability testing is a similar type of scan, but it\u2019s performed inside your network. It looks for the same type of vulnerabilities as penetration testing and checks that operating system versions are current and still supported by the manufacturer. Vulnerability testing identifies the vulnerabilities that a threat actor or malware could exploit if either one gained access to your network.<\/p>\n<p>The reports generated by these tests can be overwhelming at first glance. Each vulnerability is described and its\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/cve.mitre.org\/\">Common Vulnerabilities and Exposures<\/a>\u00a0number is given. This can be used to look up the vulnerability in one of the online vulnerability indexes. Even modest networks can generate reports running into many tens of pages. For medium-sized networks, the reports can be measured in hundreds of pages.<\/p>\n<p>Thankfully, the vulnerabilities are ranked according to their severity. Obviously, you need to address the highest priority\u2014that is, the most severe\u2014vulnerabilities first, and then the second-highest priority ones, and so on. The lowest-grade vulnerabilities are technically vulnerabilities but are of such low risk that they\u2019re considered more of an advisory than a compulsory item to rectify.<\/p>\n<p>Sometimes, correcting one vulnerability will clear off whole swathes of issues. An expired or self-signed TLS\/SSL certificate can generate a long list of vulnerabilities. 
But correcting that one issue will address all of the related vulnerabilities in one fell swoop.<\/p>\n<h2 id=\"the-benefits-of-penetration-testing\"><span class=\"ez-toc-section\" id=\"The_Benefits_of_Penetration_Testing\"><\/span>The Benefits of Penetration Testing<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The most important benefit that a penetration test provides is knowledge. The report allows you to understand and rectify the known vulnerabilities that are present in your IT assets, network, and websites. The prioritized list tells you clearly which vulnerabilities to address immediately, which to tackle next, and so on. It ensures that your efforts are always directed to the most severe remaining vulnerabilities. It will certainly identify risks that you didn\u2019t know you had, but it will also\u2014albeit through negative evidence\u2014show you the areas that are already tightly secured.<\/p>\n<p>Some penetration-testing software can identify vulnerabilities due to misconfiguration issues or poor cybersecurity hygiene, such as conflicting firewall rules or default passwords. These are easy, fast, low-cost fixes that immediately improve your cyber posture.<\/p>\n<p>Anything that improves the effectiveness of your cybersecurity protects your most sensitive data and works in favor of your business continuity. And of course, preventing breaches and other security incidents also helps you avoid data protection fines or lawsuits from data subjects.<\/p>\n<p>Knowing where your weak points were\u2014and what they were\u2014can help you plan and build a road map for your defensive strategy. This enables you to budget for and prioritize your security expenditure. 
It also allows you to spot holes in your policy procedures or areas where they\u2019re not being upheld.<\/p>\n<p>If your patching strategy is being adhered to, security patches and bug fixes should be applied in a timely fashion once they\u2019ve been released by the manufacturer. Maintaining that discipline will keep your operating systems, applications, and firmware from falling behind.<\/p>\n<p>If your organization operates to a standard such as the Payment Card Industry Data Security Standard (PCI-DSS) or ISO\/IEC 27001, penetration testing will probably be a mandatory step for compliance. Cyber liability insurance providers might require you to conduct penetration testing before they offer you a policy, or they might offer a reduced premium if you regularly perform penetration testing.<\/p>\n<p>Increasingly, both prospective and existing customers are asking to see the results of a recent penetration test report as part of their due diligence. A prospective customer has to satisfy themselves that you take security seriously before they can entrust you with any of their data. Existing customers must also satisfy themselves that their current providers are taking the necessary cybersecurity precautions to prevent themselves from falling afoul of a supply-chain attack.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"It_Isnt_a_One-Time_Thing\"><\/span>It Isn\u2019t a One-Time Thing<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>You\u2019re not going to want the results of your first penetration test to go outside of your organization. Do your first round of testing, execute the remedial work, and then re-test. That second set of testing should provide your working baseline and a set of results that you\u2019d be willing to share with outside parties.<\/p>\n<p>Penetration testing needs to be repeated at least annually. 
A six-month cycle is a good fit for most organizations.\n<\/p><\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.cloudsavvyit.com\/12185\/penetration-testing-has-more-benefits-than-you-think\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#Penetration Testing Has More Benefits Than You Think \u2013 CloudSavvy IT&#8221; Wright Studio\/Shutterstock.com Penetration testing measures the effectiveness of your cybersecurity defensive measures. And remember, their effectiveness changes over time, so repeat as necessary.\u00a0There\u2019s nothing fit and forget in the world of cybersecurity. The Vulnerability-Go-Round All non-trivial software has bugs. 
And there\u2019s software everywhere you&#8230;<\/p>\n","protected":false},"author":1,"featured_media":300698,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/07\/2f6d004b.jpg","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-300697","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/300697","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=300697"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/300697\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/300698"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=300697"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=300697"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=300697"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}