How frequently do you perform penetration testing of your web applications? Is there a way to automate pen tests as part of the CI/CD process?

Continuous Integration/Continuous Deployment (CI/CD)Applications & Platforms

8.4k views6 Upvotes5 Comments

Sort by:

Engineer4 months ago

Pentesting is done once every year.

IT Manager in Energy and Utilitiesa year ago

We normally perform pen text before the application goes live then once every year. From my experience the actual pen test needs variation and hence can’t be easily automated.

Information Security Analysta year ago

I would say the testing should be done once every new module is brought into the application

IT Analyst in IT Services2 years ago

It is recommended to perform penetration testing on web applications at least once a year or after significant changes are made to the application. However, more frequent testing, such as quarterly or monthly, may be necessary for highly critical applications.

As for automating pen tests as part of the CI/CD process, yes, it is possible. This is commonly known as "Continuous Penetration Testing." It involves integrating automated penetration testing tools into the CI/CD pipeline to identify and report vulnerabilities in real-time. This helps to ensure that any new vulnerabilities introduced by code changes are detected and remediated early in the development process. There are many commercial and open-source tools available that can be used to automate pen tests as part of the CI/CD process.

1 1 Reply

no title2 years ago

Thanks for update. Will checkout tools for same.

Content you might like

Which tool is better for ui design?

Photoshop76%

Adobe xd23%

What action do you take when a user fails a simulated phishing test?

No action taken7%

Extra training required by user 94%

Permissions revoked5%

Disciplinary action taken against user2%

View Results

Can someone provide feedback on the Midpoint IGA product from Evolveum? Feedback about the product and engineering would be helpful..

We’re exploring software solutions that allow companies to set up an online marketplace where employees can redeem points for rewards. Ideally, the platform should support: -Company-branded merchandise -A wide selection of other gift options (e.g., experiences, tech, apparel) -Easy point allocation and tracking -Customization and integration with internal systems One example we’re looking at is Givenly. Has anyone used them or something similar? Would love to hear what platforms you’ve had success with — especially those that are easy to manage and scale across departments.

I’ve been digging into ways to strengthen Zero Trust on IBM i systems, especially as more orgs shift toward hybrid cloud. I’m curious, how are others approaching threat detection around shadow AI use and supplier exposure in these environments?

How frequently do you perform penetration testing of your web applications? Is there a way to automate pen tests as part of the CI/CD process?

Sort by:

Content you might like

Which tool is better for ui design?

What action do you take when a user fails a simulated phishing test?

Can someone provide feedback on the Midpoint IGA product from Evolveum? Feedback about the product and engineering would be helpful..

I’ve been digging into ways to strengthen Zero Trust on IBM i systems, especially as more orgs shift toward hybrid cloud. I’m curious, how are others approaching threat detection around shadow AI use and supplier exposure in these environments?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

CrowdStrike Outage: Impact And Recovery

Generative AI and Software Engineering Teams: Adoption and Training

Generative AI and ChatGPT: Adoption and Use

DevSecOps: Strategies, Organizational Benefits and Challenges

Impact & Perceptions of A Privacy-First Digital Era

Take Your Insights On-the-Go