Q

Problem solve

Manual vs. automated penetration testing

Manual penetration testing, automated pen testing or both? Application tools and technologies expert Brad Arkin helps you sort through your application security options.

I have a vague understanding of the differences between manual and automated penetration testing, but I don't know which method to use. Are the automated pen tests trustworthy? Should I use both methods?

You should absolutely use both methods, by beginning with automated penetration testing, and supplementing that with manual penetration testing.

Automated penetration testing tools tend to be more efficient and thorough, and chances are that malicious hackers are going to use automated attacks against you. These automated test tools come from many sources, including commercial, open-source and custom designed. Often these tools focus on a particular vulnerability area, so multiple penetration testing tools may be needed.

Because these automated tools are updated monthly or weekly, you must manually verify the output from the automated tools to check for false alarms and to test for the latest vulnerabilities. With over 50 new vulnerabilities being discovered each week, there will always be new vulnerabilities that the tools may not be able to detect. Without doing this manual testing, your penetration testing will be incomplete.

More information:

This was last published in June 2006

Dig Deeper on Software Security Test Best Practices

All
News
Get Started
Evaluate
Manage
Problem Solve

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Software Quality experts

View all Software Quality questions and answers

Start the conversation

Send me notifications when other members comment.

-ADS BY GOOGLE

SearchMicroservices

Simplify Java-based development with the Kotlin language

What makes Kotlin popular among Java professionals? Explore the attributes of this functional programming language that's ...
8 practical serverless design patterns for enterprise devs

Serverless app teams can turn to architecture patterns to guide the way to a successful product. Learn the criteria to narrow ...
Get realistic about your multi-cloud strategy aspirations

Multi-cloud is attractive to software teams that want to expand their development toolboxes, but be careful about the complexity ...

TheServerSide.com

4 great Java-based CMS options

Open source Java CMS tools come in a wide variety of shapes and sizes. Explore these four platforms to see if they would be a ...
What's the difference between applet and application in Java?

Java applets are no longer supported. How do they differ from applications? Let's explore their differences, as well as a brief ...
Microsoft Visual Studio Code installer supports AdoptOpenJDK

Microsoft targets Java developers with a Visual Studio Code installer for Java that takes care of the overall Visual Studio Code ...

SearchCloudApplications

How IIoT and consumer IoT handle data differently

IIoT applications must be able to handle large amounts of continuous data from business facilities. Find out why IIoT apps need ...
What Oracle delivered at OOW 2015

Learn how Oracle was pushing its cloud technologies, but OOW 2015 keynote speakers largely talked about cloud strategies.
Five key terms in enterprise cloud applications you need to know

Are you stumped by enterprise cloud applications or related technology? Check out this breakdown of five important terms to help ...

SearchAWS

Review AWS Quick Starts for third-party integrations

AWS Quick Starts integrations use CloudFormation templates to automate deployment of popular technologies from Tableau and IBM, ...
New AWS cloud security features fill gaps

AWS is on pace to deliver more than 1,800 new features and services this year, and many target cloud security.
Secure Lambda functions and meet cloud compliance standards

While AWS Lambda itself is secure, users are responsible for the functions they run with the service. Set up CloudWatch, KMS and ...

SearchBusinessAnalytics

Power BI update firms up Microsoft analytics market

With its latest update to Power BI, Microsoft showed its commitment to its business intelligence platform and maintained its ...
MicroStrategy product development advances after Voice.com sale

Analytics and BI vendor MicroStrategy sells the Voice.com domain name and moves forward with product R&D in a competitive market ...
Social media analytics applications live and die by the data

This handbook provides insight and advice on how to use analytics to get information on customer sentiment and marketing ...

SearchHRSoftware

New SurveyMonkey SMS feature available for enterprise users

The new SurveyMonkey SMS collector enables enterprise plan customers to send out web links to surveys via text message. The ...
Growth of external workforce brings new tech, new concerns for HR

The growth of the external workforce may be getting ahead of HR's ability to manage it. That raises security issues, including ...
HR execs express anxiety, interest about AI in HR

There are some 22,000 people at the annual SHRM conference in Las Vegas. It's HR's biggest gathering, and it's becoming more of a...

SearchHealthIT

Omron Health incorporates new capabilities for its Alexa skill

Omron added new capabilities to its Alexa skill through its Omron Health app, such as personalized readings and daily heart ...
Data sharing in healthcare is a double-edged sword for patients

Former healthcare CIO John Halamka gets candid about the proposed rules on interoperability and information blocking and explains...
Potential for AI tools in healthcare lies in the long game

AI in healthcare has the potential to help relieve physicians of mundane tasks, and the potential for greater cognitive ...

DevOpsAgenda

How to bust security silos and secure your operation

DevOps means velocity, though, not at security's expense. Rapid7's Jen Andre thinks automation and orchestration strategies can ...
The first step from Agile to DevOps is a pilot project

Agile to DevOps isn't as perilous as Waterfall to Agile, but it will take measurable goals and an efficient pilot project to ...
Best practices for DevOps compliance and reusability

You know you want to scale with a model-driven process. So how do you make it work? Start with these best practices for ...

Close