Problem solve
Get help with specific problems with your technologies, process and projects.
Manual vs. automated penetration testing
Manual penetration testing, automated pen testing or both? Application tools and technologies expert Brad Arkin helps you sort through your application security options.
I have a vague understanding of the differences between manual and automated penetration testing, but I don't know which method to use. Are the
automated pen tests trustworthy? Should I use both methods?
You should absolutely use both methods, by beginning with automated
penetration testing, and supplementing that with manual penetration testing.
Automated penetration testing tools tend to be more efficient and thorough, and chances are that malicious hackers are going to use automated attacks against you. These automated test tools come from many sources, including commercial, open-source and custom designed. Often these tools focus on a particular vulnerability area, so multiple penetration testing tools may be needed.
Because these automated tools are updated monthly or weekly, you must manually verify the output from the automated tools to check for false alarms and to test for the latest vulnerabilities. With over 50 new vulnerabilities being discovered each week, there will always be new vulnerabilities that the tools may not be able to detect. Without doing this manual testing, your penetration testing will be incomplete.
More information:
Automated penetration testing tools tend to be more efficient and thorough, and chances are that malicious hackers are going to use automated attacks against you. These automated test tools come from many sources, including commercial, open-source and custom designed. Often these tools focus on a particular vulnerability area, so multiple penetration testing tools may be needed.
Because these automated tools are updated monthly or weekly, you must manually verify the output from the automated tools to check for false alarms and to test for the latest vulnerabilities. With over 50 new vulnerabilities being discovered each week, there will always be new vulnerabilities that the tools may not be able to detect. Without doing this manual testing, your penetration testing will be incomplete.
More information:
- Professional Pen Testing for Web Applications -- Attack Simulation Techniques and Tools
- Web application security testing checklist
- Web services pen testing tool released
