Why Do IT Audits and Internal Penetration Testing Work?

At first glance, audits and penetration testing may seem to be a drag on the momentum of a business’s progress. This cannot be ignored: momentum is very important. Yet the repercussions of getting hacked (files leaking onto the internet, a reputation damaged) underscore the value of IT audits and internal penetration testing. If you are in charge of an IT department, a software development organization, or a quality assurance department, double-check the risks of getting hacked, whatever you want to call it. Breached. Broken. A “bug”. Infiltrated.

I would encourage you to look at it this way:

The goal of any company, division, or endeavour is to make money. To protect the profits there needs to be a defensive shield. Not metal. Fortification. You might be thinking of shoring up your IT assets. Now is the time to start fortifying your fort. If you want any recommendations, please let me know. The situation is not getting better right now. SQA needs to be blended with security testing. Waning are the days of Windows-based applications. Yes, there are still a lot, but fewer than before. The main thrust is now web applications.

How hackable are your web applications?

Why do IT audits and internal penetration testing work? Simply because they do; they unearth one-off problems and systemic issues that companies, organizations and governments have.

Google the terms “hacked” and “breached”. Every few minutes a business is broken into. It might be “script kiddies”, “unethical hackers”, professional hackers, “unfriendly countries” or other entities.

The bottom line is this. You want uptime, reputation, revenue and continuity of service. More and more there are nefarious individuals and groups bent on preventing this.

Find first what other people will find if you do not find it first. That is a complicated sentence, but it makes sense. Contact me if you want a list of tools to use to internally penetration test your app[s], or to get the contact information of a company, Compass IT Compliance (East Coast based), that may be able to assist.


Jock Pereira | jockpereira.com | jockster@gmail.com | 978-666-4000

