How frequently do you perform penetration testing of your web applications? Is there a way to automate pen tests as part of the CI/CD process?

8.5k viewscircle icon6 Upvotescircle icon5 Comments
Sort by:
Engineer5 months ago

Pentesting is done once every year. 

Lightbulb on1
IT Manager in Energy and Utilitiesa year ago

We normally perform pen text before the application goes live then once every year. From my experience the actual pen test needs variation and hence can’t be easily automated.

Lightbulb on1
Information Security Analysta year ago

I would say the testing should be done once every new module is brought into the application

IT Analyst in IT Services2 years ago

It is recommended to perform penetration testing on web applications at least once a year or after significant changes are made to the application. However, more frequent testing, such as quarterly or monthly, may be necessary for highly critical applications.

As for automating pen tests as part of the CI/CD process, yes, it is possible. This is commonly known as "Continuous Penetration Testing." It involves integrating automated penetration testing tools into the CI/CD pipeline to identify and report vulnerabilities in real-time. This helps to ensure that any new vulnerabilities introduced by code changes are detected and remediated early in the development process. There are many commercial and open-source tools available that can be used to automate pen tests as part of the CI/CD process.

Lightbulb on1 circle icon1 Reply
no title2 years ago

Thanks for update. Will checkout tools for same.

Content you might like

Lack of mature vendor solutions41%

Trust in AI accuracy65%

Budget constraints29%

Skills to operate the tools47%

View Results

Data Security44%

Data Migration Complexity32%

Performance Concerns21%

Integration With Other Tools23%

Budget/Cost41%

View Results