How frequently do you perform penetration testing of your web applications? Is there a way to automate pen tests as part of the CI/CD process?

Continuous Integration/Continuous Deployment (CI/CD)Applications & PlatformsStrategy & Architecture+4 more
383 views26 Upvotes3 Comments
IT Analyst in IT Services, 2 - 10 employees
It is recommended to perform penetration testing on web applications at least once a year or after significant changes are made to the application. However, more frequent testing, such as quarterly or monthly, may be necessary for highly critical applications.

As for automating pen tests as part of the CI/CD process, yes, it is possible. This is commonly known as "Continuous Penetration Testing." It involves integrating automated penetration testing tools into the CI/CD pipeline to identify and report vulnerabilities in real-time. This helps to ensure that any new vulnerabilities introduced by code changes are detected and remediated early in the development process. There are many commercial and open-source tools available that can be used to automate pen tests as part of the CI/CD process.
2 1 Reply
Senior Engineering Manager in Finance (non-banking), 5,001 - 10,000 employees

Thanks for update. Will checkout tools for same.

1
IT Cyber Security and Compliance in Healthcare and Biotech, 1,001 - 5,000 employees
remediations are manually performed annually

Content you might like

Are short term bans of the use of GenAI applications and tools (such as ChatGPT) a good idea for end users in most organizations? For context see this article on the State of Maine Government's directive before you vote: https://www.govtech.com/artificial-intelligence/chatgpt-generative-ai-gets-6-month-ban-in-maine-government

Applications & PlatformsEnd-User Services & CollaborationPeople & Leadership+4 more

Yes - Maine did the right thing. There are too many security risks with free versions of these tools. Not enough copyright or privacy protections of data.31%

No, but.... - You must have good security and privacy policies in place for ChatGPT (and other GenAI apps). My organization has policies and meaningful ways to enforce those policies and procedures for staff.52%

No - Bans simply don't work. Even without policies, this action hurts innovation and sends the wrong message to staff and the world about our organization.13%

I'm not sure. This action by Maine makes me think. Let me get back to you in a few weeks (or months).3%


357 PARTICIPANTS
9.5k views9 Upvotes1 Comment

What are the best practices for delivering application load balanced hosting services with effective backup plan at multiple locations?

Applications & PlatformsCloudContact Center & Telecom+13 more
Read More Comments
1.6k views8 Upvotes2 Comments

Who will WIN Generative AI Future (GPT/ChatGPT)?

Data & AnalyticsDisruptive & Emerging TechnologiesEnd-User Services & Collaboration+1 more

Open AI (Game Changer: adoption w/ChatGPT)40%

Google (Game Changer: inventor of Transformers, Bard)20%

Microsoft (Game Changer: real time BingGPT+Search plus enterprise enablement)18%

Meta (Game Changer: LLM that can run on single GPU)7%

Amazon (Game Changer: TBD)4%

X.AI / Elon Musk (Game Changer: TBD)3%

Baidu (Chinese tech giant, with GPT version released in March)3%

Someone completely new5%


797 PARTICIPANTS
27.6k views89 Upvotes14 Comments

If you are a PACE organization, can you please let me know what ERM you use? 

Applications & Platforms
Read More Comments
2.5k views2 Comments

I'm looking for advice or even recommendations for outsourcing Salesforce development. We are using Salesforce Enterprise Edition, the current version is 58.0 and is essentially a development platform rather than the traditional off the shelf SF configured. For anyone who has outsourced such development, what was your approach? 

Applications & Platforms
Read More Comments
2.3k views2 Comments