At first glance audits and penetration testing may seem to be a drag on the momentum of a business’s progress. This cannot be ignored – momentum is very important. Yet, the repercussions of getting hacked, files flip-flopping on the internet, a reputation damaged, underscore the value of IT audits and internal penetration testing. If you are in charge of an IT department, software development organization, quality assurance department, double-check the risks of getting hacked – whatever you want to call it. Breached. Broken. A “bug“. Infiltrated.
I would encourage you to look at it this way:
The goal of any company, division, endeavour, is to make money. To protect the profits there needs to be a defensive shield. Not metal. Fortification. You might be thinking of shoring up your IT assets. Now is the time to start fortifying your fort. If you want any recommendations please let me know. The situation is not getting better right now. SQA needs to be blended with security testing. Waning are the days of Windows-based applications. Yes there are still a lot but fewer. The main thrust is now web applications.
How hackable are your web applications?
Why do IT audits and internal penetration testing work? Simply because they do; they unearth one-off problems and systemic issues that companies, organizations and governments have.
Google the terms “hacked” and “breached”. Every few minutes a business is broken into. It might be “script kiddies“, “unethical hackers“, professional hackers, “unfriendly countries” or other entities.
The bottom line is this. You want uptime, reputation, revenue and continuity of service. More and more there are nefarious individuals and groups bent on preventing this.
Find first what other people will find if you do not find it first. That is a complicated sentence but it makes sense. Contact me if you want a list of tools to use to internally penetration test your app[s] or to get the contact information of a company, Compass IT Compliance (east coast based), that may be able to assist.
Jock Pereira | jockpereira.com | firstname.lastname@example.org | 978-666-4000