
Penetration Testing

Advantages and Disadvantages Linked To Penetration Testing

A penetration test is a simulated cyber-attack on a computer system that is used to identify weaknesses (McKinnel et al., 2019). External analysis, internal analysis, blind analysis, double-blind analysis, and targeted testing are common penetration testing approaches. Penetration testing comes with a number of benefits and drawbacks. The pen test has several advantages, including uncovering vulnerabilities and real hazards in existing system or application configurations. Penetration testing also ensures company continuity by supporting system users in identifying potential threats, preventing them from incurring unplanned downtime or loss of access (McKinnel et al., 2019). Other important benefits of penetration testing include helping a company maintain customer trust by preventing data breaches and allowing a company to comply with PCI regulations or the ISO 27001 standard, under which managers and system owners must undertake regular security evaluations with qualified testers.

One disadvantage of penetration testing is that even minor errors in the testing technique might cause servers to crash, result in the corruption of critical production data, or put sensitive data at risk of being exposed. Furthermore, a penetration test could result in a slew of other negative consequences associated with imitating a criminal act (Gangupantulu et al., 2021).

Strengths of Penetration Testing

A penetration test is accepted as an effective technique to boost system security. This is because it is associated with various strengths, including different essential steps to understand the current security posture and identify all breach points (McKinnel et al., 2019). Moreover, penetration testing is cheap; thus, organizations can afford regular penetration tests to promote their systems' security.


How Penetration Testing May Offer a False Sense of Security for Application Developers

Penetration testing has been a widely accepted technique for improving cybersecurity that enables system managers and owners to protect their critical assets. However, it may offer a false sense of security. This is because there are no quality standards to guide the penetration test, and the quality of penetration tests depends on the experience and skills of the security provider. Therefore, an inexperienced security provider who ticks off items may give system managers and owners a false sense of security (Ghanem & Chen, 2018).

References

Gangupantulu, R., Cody, T., Park, P., Rahman, A., Eisenbeiser, L., Radke, D., & Clark, R. (2021). Using cyber terrain in reinforcement learning for penetration testing. arXiv preprint arXiv:2108.07124.

Ghanem, M. C., & Chen, T. M. (2018, October). Reinforcement learning for intelligent penetration testing. In 2018 Second World Conference on Smart Trends in Systems, Security and Sustainability (WorldS4) (pp. 185-192). IEEE.

McKinnel, D. R., Dargahi, T., Dehghantanha, A., & Choo, K. K. R. (2019). A systematic literature review and meta-analysis on artificial intelligence in penetration testing and vulnerability assessment. Computers & Electrical Engineering, 75, 175-188.
