Skip to content

Davey Winder

delivering award-winning technology journalism since 1991

  • home
  • about me
  • follow me on mastodon
  • privacy policy
  • Toggle search form
Picture of a toy toolbox and pliers

The do’s and don’ts of DIY pen testing

Posted on July 1, 2016July 1, 2016 By Davey Winder

If professional penetration testers are out of your budget, is doing it yourself better than not doing it at all?

I’m not going to say that I would recommend DIY pen testing over and above a professional consultancy, because I wouldn’t. However, neither would I say it’s a red flag idea. My rule of thumb would be to do what you are comfortable with, what management is comfortable with and what will do no harm. Which really means that you will be stopping short of real penetration testing and sticking with vulnerability assessments instead.

So, what’s the difference between a vulnerability assessment and an actual penetration test? The former is a way of identifying security issues within your organisation by producing, in effect, a list of vulnerabilities. A proper pen test, however, is much more goal-oriented and as such should be thought of as attack-simulated scenarios designed to hit a specific target such as accessing a particular database or finding and modifying a designated file. Done properly it’s not a list producer, but rather a methodology mapping tool.

Click here to read complete article

Vulnerabilities Tags:Analysis, penetration testing, security, strategy

Post navigation

Previous Post: Liar, liar, email on fire: the security value of lie detecting algorithms
Next Post: Ignore Android security FUD, but buy a new phone anyway

Related Articles

New Google Report Warns Of ‘Real And Significant Threat’ To User Privacy Google
Google Security Warning: First Hack Attack Of 2024—Update Chrome Now Google
Hackers Prompt Emergency Google 0-Day Attack Patch For Chrome Users Google
Photo of front end collision, crash test of cars This Surprisingly Simple Hack Can Crash iPhones—Update To iOS 17.2 Now Hacking
Google Chrome 120—Update Now As New Security Risks Revealed Google
New Critical Google Chrome Security Warning As 0-Day Exploit Confirmed Announcements

Categories

Post Archive

Tags

0day Analysis Android Apple Apps breach bug bounty Business Chrome crime Cybercrime Data Protection Encryption Enterprise Google Government Hackers Hacking Health healthcare industry iOS IoT iPhone Malware Microsoft News NHS Opinion passwords Phishing Privacy ransomware Research Russia Samsung threat intelligence Twitter Update Vulnerabilites vulnerabilities Vulnerability Windows Windows 10 zero-day

Copyright © 2025 Davey Winder .

×
Cookies
We serve cookies. If you think that's ok, just click "Accept all". You can also choose what kind of cookies you want by clicking "Settings". Read our cookie policy
Settings Refuse all Accept all
Cookies
Choose what kind of cookies to accept. Your choice will be saved for one year. Read our cookie policy
  • Necessary
    These cookies are not optional. They are needed for the website to function.
  • Statistics
    In order for us to improve the website's functionality and structure, based on how the website is used.
  • Experience
    In order for our website to perform as well as possible during your visit. If you refuse these cookies, some functionality will disappear from the website.
  • Marketing
    By sharing your interests and behavior as you visit our site, you increase the chance of seeing personalized content and offers.
Save Refuse all Accept all
GDPR Cookie Policy