Don’t get caught out: make sure you use the right type of penetration test!

An article that appeared on Forbes online last year compared getting a penetration test to going for an MRI scan.  “It’s never something you want to do, and you hope the results come back negative, but you do it because you want peace of mind and you want to know what things look like in the real-world”.

Despite the numerous benefits of conducting penetration testing, many companies still neglect investing in regular penetration testing due to the difficulty of getting budget approved for this.

The budget holders often don’t understand why the company needs to spend money on a “potential problem that they can’t even see”.  They also struggle to understand which test is most suitable for their business needs.

Having been told they need a penetration test in order to meet certain compliance obligations (i.e. PCI DSS), these companies will probably look for the quickest and cheapest way possible to comply with this requirement – a natural reaction for any cost-conscious organisation. In many cases, however, what they end up getting and paying for is not what they actually thought they needed.

One way to avoid paying for the wrong service is to ensure that you understand the differences between an automated vulnerability scan and consultant-driven vulnerability assessments and penetration tests. 

Penetration tests and vulnerability assessments should always be accompanied by a series of manual tests, and always be driven by a trained and experienced consultant who is able to interpret and explain the results of the tests, and make suitable recommendations based on the report findings.

IT Governance, a Crest member company, has developed two free downloadable resources to help companies make better decisions when sourcing penetration testing services:

There is also a detailed explanation of the differences between automated vulnerability scans and consultant-driven tests.

For non-technical managers new to penetration testing, there is an informative webinar that offers useful information and advice about penetration testing.

Alternatively, contact IT Governance today to find out more about our range of flexible and cost-effective penetration testing solutions available on +44-845-070-1750 or email us on