How to implement a continuous offensive security testing program

The hard part was never finding the exposure. It was deciding what to do about it: whether to patch, mitigate, monitor, or accept, and banking that that decision would still hold tomorrow. A penetration test answers this question for the day it runs, then quietly expires. The environment shifts, a control drifts, a new technique lands, and the report now describes a network that no longer exists. That gap, between finding an exposure and trusting … More

The post How to implement a continuous offensive security testing program appeared first on Help Net Security.

This article has been indexed from Help Net Security

Read the original article: