|
Disadvantages of Penetration testing
Pdf ko'rish
|
| bet | 120/203 | | Sana | 10.01.2024 | | Hajmi | 6,34 Mb. | | #134102 |
Bog'liq Linux This Book Includes 4 Manuscripts The Underground BibleDisadvantages of Penetration testing
Penetration testing gives organizations a false sense of security. Once pen
testers ascertain that the system is able to withstand all penetration attacks,
it may seem as though the system is totally safe from hackers. On the
contrary, pen-testing only outlines possible vulnerabilities that may or may
not be targeted by hackers. Hackers attack when security personnel is most
unaware and counteracting the movements of hackers is usually almost
impossible. Penetration testing often occurs when security personnel and
well prepared and well aware of their movements which is not the case
during a real attack by hackers.
Penetration testing is also labor-intensive and can put a financial strain on a
company. Companies have to budget for getting experts who will
thoroughly assess their systems and identify all potential vulnerabilities. In
other cases, an external expert may be required, which will be even more
costly. Methodologies like gray-box and white-box penetration require
companies to provide documentation and all relevant data on the system to
the pen testers. The labor that goes into the data collection, organization,
synthesis, and analysis may be a discouraging factor to some companies.
The engagement period that it takes to successfully go through data and
understand it may require more resources than a company is ready and
willing to allocate.
Pen testing is not a conclusive security audit. Combing through the system
for vulnerabilities does not guarantee that one will find all potential areas of
interest to hackers. The methodology used also determines the range of
vulnerabilities that the tester can discover and help the company secure. Pen
testing can also be a distraction to normal operations as it involves probing
all security systems.
|
| |
