If you Google “How often should I do penetration testing?”, the first answer that pops up is “once a year.” Indeed, even industry-leading standards like PCI-DSS dictate that external penetration testing be conducted annually (or after significant changes to infrastructure or applications), while internal penetration testing takes place annually, with segmentation testing occurring every six months. Yet today’s cybercriminals don’t work on annual schedules. They don’t wait until pen testing time rolls around and the …
The post Once is never enough: The need for continuous penetration testing appeared first on Help Net Security.