Penetration Testing: Shortcuts to a Good Test

Giving consultants three days to hack a system is no way to replicate what a hacker might do, argues Peiter “Mudge” Zatko, a well-known hacker and consultant who is now a division scientist at BBN Technologies. “Somebody on the outside can take as much time as they want; they'll eventually stumble across something,” he says.

Companies can't pay consultants to hack at will for months on end. But they can open up things like the configuration files from the routers, the firewall rules and the network maps to give the consultant a head start. It will also help the consultant understand how a company views security in light of its business. “It will save you time and money,” says Zatko. In fact, he says that if the consultants find things in this document phase, the company can fix them, and then let the penetration testing begin.

Zatko says companies should combine external pen tests with internal ones, to see what might already be compromised inside the perimeter, information that won't appear in a pen test.

M.F.