Home > Ask the Software Quality Experts > Application Security Questions & Answers > Manual vs. automated penetration testing
Ask The Software Quality Expert: Questions & Answers
EMAIL THIS

Manual vs. automated penetration testing

Brad Arkin EXPERT RESPONSE FROM: Brad Arkin

Pose a Question
Other Software Quality Categories
Meet all Software Quality Experts
Become an Expert for this site


Software quality news and advice
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


>
QUESTION POSED ON: 01 June 2006
I have a vague understanding of the differences between manual and automated penetration testing, but I don't know which method to use. Are the automated pen tests trustworthy? Should I use both methods?

>
EXPERT RESPONSE
You should absolutely use both methods, by beginning with automated penetration testing, and supplementing that with manual penetration testing.

Automated penetration testing tools tend to be more efficient and thorough, and chances are that malicious hackers are going to use automated attacks against you. These automated test tools come from many sources, including commercial, open-source and custom designed. Often these tools focus on a particular vulnerability area, so multiple penetration testing tools may be needed.

Because these automated tools are updated monthly or weekly, you must manually verify the output from the automated tools to check for false alarms and to test for the latest vulnerabilities. With over 50 new vulnerabilities being discovered each week, there will always be new vulnerabilities that the tools may not be able to detect. Without doing this manual testing, your penetration testing will be incomplete.

More information:


Sound Off! -   Be the first to post a message to Sound Off!


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED CONTENT
Application Security
Application security careers have bright future
How to prevent anti-DNS pinning attacks
Open source application security testing tools
Java application security features and measures
Web application security testing basics
Password recovery with .NET 2.O using C#
Free load and performance testing tools
The most effective time to do security testing
Finding backdoor threats within applications
SPML and SAML enhance application security in different ways

Software security testing and techniques
The realities of using WAFs for PCI DSS 6.6 compliance
The realities of PCI DSS 6.6 application code reviews
Ruby on Rails security audit service available
Application security careers have bright future
Secure software measures: Their strengths and limitations
PCI DSS compliance: Web application firewall or code review?
Web application security testing basics
Getting started with Web application misuse cases
OWASP kicks off Summer of Code 2008
Video: Classification, detection of application backdoor attacks

Building security into the SDLC (Software development life cycle)
Application security careers have bright future
Writing software requirements that address security issues
Software Security Engineering: A Guide for Project Managers -- Chapter 3, Requirements Engineering for Secure Software
PCI DSS compliance: Web application firewall or code review?
Application security enters uncharted regions
How to prevent XPath injection
Developers get bigger role in software quality, security
InfoSecurity 2008 Threat Analysis, Chapter 4: XSS Theory
How to prevent anti-DNS pinning attacks
Java application security features and measures

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2006 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts