The Importance of Pen Testing
Penetration tests are important to test the security posture of an enterprise network. Generally speaking, automated vulnerability scanning techniques cannot find multi-step attack vectors, social engineering attack vectors, or 0-day vulnerabilities.
Limitations of Pen Testing
A successful pen test finds one or more paths through the network – but other paths may still exist.
Tests that are unsuccessful at penetrating network defenses may lead to a false sense of security.
Vidder's Pen Testing Recommendations
Vidder strongly recommends internal employees perform vulnerability scans and validate those scans with tools such as Metasploit and/or Core.
Vidder also strongly recommends quarterly or annual testing by outside pen testers from different organizations. If a test is unsuccessful, give the pen testers authorization to try to gain physical access to the network.