
Penetration Testing

Advantages and Disadvantages Linked To Penetration Testing

A penetration test is a simulated cyber-attack against a computer system, carried out to identify available vulnerabilities (McKinnel et al., 2019). Penetration testing methods usually include external analysis, internal analysis, blind analysis, double-blind analysis, and targeted testing. Penetration testing is associated with various advantages and disadvantages. One benefit of a pen test is that it helps reveal vulnerabilities and real risks in existing system or application configurations. Similarly, penetration testing ensures business continuity by helping system users learn of potential threats, protecting them from unexpected downtime or a loss of accessibility (McKinnel et al., 2019).

Other essential advantages of penetration testing include helping a company maintain its customers' trust by preventing data breaches, and enabling a company to follow the PCI regulations or the ISO 27001 standard, which require that managers and system owners conduct regular security reviews with skilled testers. The disadvantages of penetration testing include that a slight mistake in the testing procedure may crash servers, corrupt critical production data, or expose sensitive data to risk. Moreover, a penetration test may cause a host of other adverse effects linked to mimicking a criminal attack.

Strengths of Penetration Testing

Penetration testing is accepted as an effective technique to boost system security. This is because it is associated with various strengths, including different essential steps to understand the current security posture and identify all breach points (McKinnel et al., 2019). Moreover, penetration testing is cheap; thus, organizations can afford regular penetration tests to promote their systems' security.



How Penetration Testing May Offer a False Sense of Security for Application Developers

Penetration testing is a widely accepted technique for improving cybersecurity that enables system managers and owners to protect their critical assets. However, it may offer a false sense of security. This is because there are no quality standards to guide the penetration test, and the quality of penetration tests depends on the experience and skills of the security provider. Therefore, an inexperienced security provider who ticks off items may give system managers and owners a false sense of security.



Reference

McKinnel, D. R., Dargahi, T., Dehghantanha, A., & Choo, K. K. R. (2019). A systematic literature review and meta-analysis on artificial intelligence in penetration testing and vulnerability assessment. Computers & Electrical Engineering, 75, 175-188.
