Suggesting Pentesting
Penetration testing (or pentesting) is an important part of keeping networks and systems safe from those who would attack them. However, because similar methods are used by attackers and penetration testers alike, some people and organizations may be apprehensive about unleashing those methods on their own networks.
Instructions for Main Post
Place yourself in the position of someone responsible for hiring a penetration testing firm to test the security of your systems.
Your initial post should include two parts:
1. Your main concerns about the process and considerations you would need to take into account before commissioning a pentest.
2. Information you found while researching how best to address your concerns.
At a minimum, this should include:
- Qualifications or certifications that pentesters should have
- Questions or surveys you can provide to prospective professionals/firms as part of the selection process
- Industry guidance on how to engage and conduct a penetration test
Note: Individual concerns may be different, so there is not necessarily one absolute set of considerations that represents a “correct” answer. If you’re having trouble thinking of considerations, you can refer back to topics regarding network threats, malware, fundamental cybersecurity concepts, and everyday considerations including trust, legal concerns, etc.
Please provide any URL(s) you used in formulating your findings.