Manual penetration testing, automated pen testing or both? Application tools and technologies expert Brad Arkin helps you sort through your application security options.

I have a vague understanding of the differences between manual and automated penetration testing, but I don't know which method to use. Are the automated pen tests trustworthy? Should I use both methods?
You should absolutely use both methods: begin with automated penetration testing, then supplement it with manual penetration testing.

Automated penetration testing tools tend to be more efficient and thorough, and chances are that malicious hackers are going to use automated attacks against you. These automated test tools come from many sources, including commercial, open-source and custom-designed. Often these tools focus on a particular vulnerability area, so multiple penetration testing tools may be needed.

Because these automated tools are updated only monthly or weekly, you must manually verify their output to check for false alarms and manually test for the latest vulnerabilities. With over 50 new vulnerabilities being discovered each week, there will always be new vulnerabilities that the tools may not be able to detect. Without this manual testing, your penetration testing will be incomplete.

