Some people get really worried if a complete stranger sees their dirty laundry. In order to hide their “secrets” they will air their dirty laundry in a dark basement. The problem is the laundry is still dirty and the kids are sleeping in dirty sheets, all because you are ashamed.
An excuse some will use not to have a penetration test is, “Our data is too sensitive for you to ever have access to, so you just need to do an audit”. Even better, “Our systems cannot go down, so just do a portscan”. Wow, this is just an amazing security fail! If you don’t trust an outsider, and let’s face it, some organizations just can’t, then develop an internal pen test team and program. This is not an excuse not to have a penetration test, it’s a reason to create your own team! In addition to your own team, consider expanding the scope for external testers. This is something that you’ve heard so many professional penetration testers saying, and it’s time to start listening and sleeping in clean sheets.
Paul Asadoorian
Security Weekly Enterprises