Q

Problem solve

Manual vs. automated penetration testing

Manual penetration testing, automated pen testing or both? Application tools and technologies expert Brad Arkin helps you sort through your application security options.

I have a vague understanding of the differences between manual and automated penetration testing, but I don't know which method to use. Are the automated pen tests trustworthy? Should I use both methods?

You should absolutely use both methods, by beginning with automated penetration testing, and supplementing that with manual penetration testing.

Automated penetration testing tools tend to be more efficient and thorough, and chances are that malicious hackers are going to use automated attacks against you. These automated test tools come from many sources, including commercial, open-source and custom designed. Often these tools focus on a particular vulnerability area, so multiple penetration testing tools may be needed.

Because these automated tools are updated monthly or weekly, you must manually verify the output from the automated tools to check for false alarms and to test for the latest vulnerabilities. With over 50 new vulnerabilities being discovered each week, there will always be new vulnerabilities that the tools may not be able to detect. Without doing this manual testing, your penetration testing will be incomplete.

More information:

This was last published in June 2006

Dig Deeper on Software Security Test Best Practices

All
News
Get Started
Evaluate
Manage
Problem Solve

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Software Quality experts

View all Software Quality questions and answers

Start the conversation

Send me notifications when other members comment.

-ADS BY GOOGLE

SearchMicroservices

3 ways to grade integration platform-as-a-service vendors

The best iPaaS vendors offer a mix of standardization and flexibility, and they can't leave out compliance. Learn how to compare ...
How Jenkins X updates this CI/CD tool for the cloud, Kubernetes

Jenkins wasn't built for the cloud or Kubernetes, but that's not so for Jenkins X. Here's how users can keep their favorite CI/CD...
How integration platform as a service stacks up against PaaS and SaaS

IT orgs that face a hybrid mix of apps and data sets can turn to iPaaS for integration -- without the overhead of more software ...

TheServerSide.com

Convert JPEG to SVG to improve webpage performance

Vector images open the door for multiple benefits on HTML webpages. Consider SVGs instead of raster images to boost HTML speed ...
Master-slave terminology alternatives you can use right now

Software companies have found alternatives for master-slave terminology to describe their distributed systems. It's time for the ...
RESTful parameters antipattern considerations for queries, paths

Choose carefully for path and query parameters in URL design. Lackluster choices in the design phase can plague client resource ...

SearchCloudApplications

Microsoft Azure Dev Spaces, Google Jib target Kubernetes woes

Microsoft Azure and Google Cloud both added cloud application development tools that improve and simplify the process of creating...
With progressive web applications, developers blur the lines

With progressive web applications, single-page apps, motion UI and other innovations, app development meets the moment, giving ...
Web app development morphs as apps and websites merge

The lines between web and mobile app and websites are blurring, so development silos are out, and boning up on building ...

SearchAWS

AWS WebSocket support ushers in real-time serverless features

The WebSockets vs. HTTP debate has changed for AWS users. With WebSocket support for Amazon API Gateway, users can build ...
AWS predictive scaling boosts cloud's resource management

AWS Auto Scaling offers adjustable resources for workloads with fluctuations in demand. With predictive scaling, AWS applies ...
Use AWS Firecracker to build micro VMs for containerized apps

Firecracker has many of the benefits of containers and VMs, without some of their limitations. Here are a few things to know if ...

SearchBusinessAnalytics

Attunity acquisition expands data management for Qlik users

Qlik's acquisition of Attunity is another sign of the BI vendor's data management ambitions -- and may help attract new users ...
What to consider when choosing big data file formats

While JSON may be the go-to data format for developers, Parquet, ORC or other options may be better for analytics applications. ...
Avoid turbulence when shifting to data analytics in the cloud

When migrating BI and data analytics to the cloud, factor existing analytics processes, software evaluation, data protection and ...

SearchHRSoftware

AI in recruiting may be above HR's head

Video job interviews are powerful tools. HireVue's AI algorithm can watch a candidate without losing focus and notice things a ...
Cybersecurity education: How HR can plan for the inevitable

Cybersecurity is a major concern for any organization, but employees continue to be a top threat. HR can help mitigate insider ...
LinkedIn's recruiting platform billed as 'Intelligent Hiring Experience'

LinkedIn's use of AI requires the sharing of data. It is one reason why the company is combining its talent tools into one system...

SearchHealthIT

Find the best EHR software to manage your patient data

EHR software is required for most health organizations but is available with a variety of features from different vendors. Learn ...
3 technologies to improve the patient check-in process

Allowing patients to check in electronically, whether from a kiosk or tablet, can improve the patient experience and reduce the ...
ONC, CMS strive for a competitive healthcare market with open APIs

Newly proposed rules from CMS and ONC aren't just about fostering interoperability and patient data access, they're also about ...

DevOpsAgenda

How to bust security silos and secure your operation

DevOps means velocity, though, not at security's expense. Rapid7's Jen Andre thinks automation and orchestration strategies can ...
The first step from Agile to DevOps is a pilot project

Agile to DevOps isn't as perilous as Waterfall to Agile, but it will take measurable goals and an efficient pilot project to ...
Best practices for DevOps compliance and reusability

You know you want to scale with a model-driven process. So how do you make it work? Start with these best practices for ...

Close