When Should You Run a Pen Test? Here’s the Real Answer

With regulations across industries like automotive and medical requiring regular pen testing, discover why ethical hackers are your best defense against real ones.

September 12, 2025 • 2:29

Transcript

So this is always a point of contention because it's cost as to benefit. Ideally, biased as a pen tester, based on everything I've seen, I would say at a minimum before any product release or major product release. If it's just a small tweak, don't need pen testing. Obviously, it would be great to have it, but it's not necessarily mandatory. So before any major product release, for sure. When firmware, cloud, web components are changed significantly, um, definitely get a pen test, because basically the entire... anything that renders the previous pen test null and void, generally a good rule of thumb to get a new one. Um, or when you start introducing a ton of new third-party components that you haven't looked into, or maybe one of the components was found to have a serious breach or vulnerability, great to have a pen tester go in and see if they can leverage that.

Just for a peace of mind that states, you know, we're paying someone to be evil. And, you know, that's why I love my job. I'm paid to be evil. And so I have no malicious intent. So if you can ask people and get pen testers to provide you the service that other people with malicious intent will be doing in the background, you can fix this stuff before people would find it. That's really the goal of pen testing.

Um, so, you know, otherwise, actually a benchmark for it for lower-risk products, lower-risk products would be annually. Um, but as we, you know, I'm sure we'll get into later, new regulations in the industry like medical, automotive, industrial, connected devices, you know, RED, CRA, everything, a lot of them require you to have tested and shown a proven verification that you have secured components, you have met harmonized standards, you have done your due diligence. So pen testing is becoming more and more and more necessary as people try and get more cybersecurity compliance. So, you know, sometimes like that, it can be far more often than annually, maybe twice or even three times a year. It really depends on how much the device is changing and what kind of certifications they're going for.