Read the book CompTIA Pentest+ Certification For Dummies - Glen E. Clarke - Page 22
Other considerations
A few additional considerations should be taken into account when discussing when a penetration test should occur. For example, one of the risks of a penetration test is that you could end up crashing a system or network. To ensure your pentests succeed in providing the information you want, follow these recommendations when possible:
Perform pentests in a mockup environment. When performing penetration testing, you run the risk of crashing systems or networks due to the nature of the attacks. If possible, create copies of systems inside a test environment and perform the penetration test on the test system. It is critical that the test systems are an exact copy so that the penetration test accurately reflects the test of the real system.
Perform pentests before deploying the system or application into production. If possible, perform a penetration test on a system or application before it goes live. This will help reduce the cost of maintaining the system, as it is more costly to fix security issues once the system or application is in production.
Perform pentests on a regular basis. Penetration testing is not a one-time thing. It is something that should be performed on a regular basis and after any major changes are made to the environment. For example, if you perform a security test on a web server before it is put in production and you find it is ready for production because all simulated attacks were unsuccessful, it does not mean you do not need to test this system again. You will test the system again during the next annual penetration test.