How to implement a continuous offensive security testing program

Wait 5 sec.

The hard part was never finding the exposure. It was deciding what to do about it: whether to patch, mitigate, monitor, or accept, and banking that that decision would still hold tomorrow. A penetration test answers this question for the day it runs, then quietly expires. The environment shifts, a control drifts, a new technique lands, and the report now describes a network that no longer exists. That gap, between finding an exposure and trusting … More →The post How to implement a continuous offensive security testing program appeared first on Help Net Security.