Читать книгу CompTIA Pentest+ Certification For Dummies - Glen E. Clarke - Страница 17

Going with a third-party company to perform the penetration test also has its benefits. For example, the third-party company is most likely not familiar with the organization’s environment (as a hacker would not be), so it can provide an even better picture of an attack because the third party would have to discover all the systems (depending on the type of pentest, which I talk about later in this chapter). Using third-party external testers is also beneficial because you have a fresh set of eyes looking at your network and systems. Internal staff have designed the defensive posture based on the attack vectors they are aware of, while external testers may have knowledge of different attack vectors and may take a totally different approach to exploiting systems.

However, using a third-party company also raises some concerns. For example, what are the qualifications of the consultants doing the pentest? And how will the details and results of the pentest be kept confidential? With a third-party company involved, confidentiality can be a bit more challenging than if a company used internal testers.

A final concern is cost. Going with a third-party company can be very costly, as penetration testing is a time-consuming process and requires a specialized skill.