What is Continuous Penetration Testing?

by Sarah Harvey / September 19th, 2019

Why Do You Need Continuous Penetration Testing?

Applications change. Systems change. Networks change. Employees change. Hackers change. What happens when you connect a new API, add in a new server, or alter your environment in any way? A web application that was stable yesterday may not be with the next update. So, why wouldn’t you engage in continuous penetration testing? A standard penetration test is a snapshot of your security posture at the specific time of testing, whereas continuous penetration testing seeks to fill in the gaps between point-in-time penetration testing.

Hacking attempts happen all the time, and so should penetration testing. Attackers have effectively unlimited time to mount complicated attacks, spending months trying different tactics and learning how to avoid tripping alarms. Continuous penetration testing gives your penetration tester permission to act more like a real attacker and provides better coverage of your organization’s security.

Continuous penetration testing isn’t just automated testing, though. At KirkpatrickPrice, continuous penetration testing fully utilizes both automated and manual testing techniques to assess cyber risks to your assets, data, and business. Consider this type of testing an extended coverage of what you already undergo annually or biannually. Instead of just one test a year, we test your environment continuously. Continuous penetration testing is dynamic, more realistic, and can quickly validate the remediation you implement after a finding, rather than waiting for next year’s test to confirm the fix. This type of testing also ensures that you’re being tested against the newest hacking techniques as they emerge.

What’s the Difference Between Bug Bounty and Continuous Penetration Testing?

Continuous penetration testing isn’t the only way to combat high-risk cyber threats, though. Does your organization have a bug bounty program? A bug bounty is a results-driven, crowd-sourced program in which payment is offered for valid vulnerabilities found within a specific scope. Bug bounty programs differ from continuous testing because you’re paying for valid results as opposed to, essentially, a retainer for time and effort. Bug bounty programs can be public or private, the most well-known coming from organizations like WordPress, Uber, the Pentagon, Netflix, Microsoft, Facebook, and Apple. In fact, Apple recently opened its bug bounty program to more researchers and expanded its maximum reward to $1 million.

A bug bounty is often seen as riskier than continuous penetration testing, but as long as stringent parameters are set (a clearly defined scope, rules of engagement, and disclosure terms) and you’re working with trusted, invitation-only partners, it could be the right ethical hacking solution for your organization.

Is Continuous Penetration Testing Right for My Organization?

Do you face high-risk cyber threats? Do you make frequent changes to your applications, networks, systems, or services? Are your clients or stakeholders asking for assurance about your security methods? Do you consider retesting to be valuable? Does your job depend on the preparedness of your security perimeter? If so, continuous penetration testing may be the best solution for your organization’s penetration testing needs.

We want to find the gaps in your security before a hacker does. We offer advanced, continuous penetration testing as well as bug bounty services. If you want to avoid the consequences of a compromised application, network, or system while working with an expert ethical hacker, contact us today.

More Penetration Testing Resources

What are the Stages of Penetration Testing?

What is Web Application Penetration Testing?

3 Hacks to Get the Most Out of Your Penetration Test