Social Network For Security Executives: Network, Learn & Collaborate
Safe Penetration Testing – 3 Myths and the Facts behind them
Penetration testing vendors will often make promises and assurances that they can test your Web Applications safely and comprehensively in your production environment. So when performing Penetration Testing of a Web Application that is hosted in a Production Environment you need to consider the following myths and facts which can directly or indirectly end up causing you to do to yourself what you are trying to prevent hackers from doing to you in the first place.
(Read more: Under the hood of Top 4 BYOD Security Technologies: Pros & Cons)
Myth 1 – Vendors promise that testing on your production environment is perfectly safe and that penetration testing will not cause any disruption to your end users.
The Facts
(Read more: CISO Mantra on data sanitization)
Myth 2 – Your penetration testing vendor may tell you that your data is safe for full blown penetration testing on a production system.
The Facts
(Read more: BYOD Security: From Defining the Requirements to Choosing a Vendor)
Myth 3 – There will be no disruption to your business during penetration testing.
The Facts
(Watch more : Top Myths of IPV-6 Security)
Advantages of Performing Pen Testing on a Staging Environment
What seems obvious from all the above is that wherever possible you should try to perform penetration testing on a staging or testing deployment. This has two main advantages;
Original Blog: http://www.ivizsecurity.com/blog/penetration-testing/safe-penetrati...
More: Want to be an author? Nominations open for co-authors of CISO Handbook
Started by Maheshkumar Vagadiya Jul 30, 2020. 0 Replies 0 Likes
Share the instances where you were able to convince the Executive management /board that CISO function is enabler rather then a hindrance.Thanks youMaheshContinue
Started by CISO Platform. Last reply by Yogesh Nov 19, 2020. 2 Replies 0 Likes
(question posted on behalf of a CISO member)Has anyone evaluated digital signature (like Docusign), any specific risk/ security areas to be looked into while finalising a vendor? Any and all inputs will be very much appreciated.Continue
Started by CISO Platform. Last reply by ANAND SHRIMALI May 20, 2020. 4 Replies 0 Likes
(question posted on behalf of a CISO member)What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?Related Question: …Continue
Started by CISO Platform. Last reply by Bhushan Deo Mar 20, 2020. 12 Replies 0 Likes
(question posted on behalf of a CISO member)Due to CORONA virus most of the organizations are allowing their employees to work form home.Has any one issued security advisory for work from home ?Continue
Tags: #COVID19
# Manageengine Adaudit Plus -vs- Netwrix Auditor
# Rapid7 Nexpose -vs- Tenable Network Security Nessus
# Algosec Firewall Analyzer -vs- Tufin Orchestration Suite
# Hp Arcsight Siem Solutionarcsight Express -vs- Splunk Enterprise Splunk Cloud Splunk Light
# Cisco Meraki Mx Appliances -vs- Fortinet Fortigate
# Cloud Access Security Broker
# Distributed Denial of Service
# Network Advanced Threat Protection
Follow us
© 2021 Created by CISO Platform.
Powered by
Badges | Report an Issue | Privacy Policy | Terms of Service
You need to be a member of CISO Platform to join the discussion!
Join CISO Platform