How frequently do you perform penetration testing of your web applications? Is there a way to automate pen tests as part of the CI/CD process?

8.5k views6 Upvotes5 Comments

Sort by:

Engineer5 months ago

Pentesting is done once every year.

IT Manager in Energy and Utilitiesa year ago

We normally perform pen text before the application goes live then once every year. From my experience the actual pen test needs variation and hence can’t be easily automated.

Information Security Analysta year ago

I would say the testing should be done once every new module is brought into the application

IT Analyst in IT Services2 years ago

It is recommended to perform penetration testing on web applications at least once a year or after significant changes are made to the application. However, more frequent testing, such as quarterly or monthly, may be necessary for highly critical applications.

As for automating pen tests as part of the CI/CD process, yes, it is possible. This is commonly known as "Continuous Penetration Testing." It involves integrating automated penetration testing tools into the CI/CD pipeline to identify and report vulnerabilities in real-time. This helps to ensure that any new vulnerabilities introduced by code changes are detected and remediated early in the development process. There are many commercial and open-source tools available that can be used to automate pen tests as part of the CI/CD process.

1 1 Reply

no title2 years ago

Thanks for update. Will checkout tools for same.

Content you might like

What’s your top barrier to adopting AI-driven pentesting?

Lack of mature vendor solutions41%

Trust in AI accuracy65%

Budget constraints29%

Skills to operate the tools47%

View Results

We have a requirement for automation testing tool at our company. Some high-level requirements for the tool are : 1) Low Code 2) easy to manage for semi technical users 3) should be cross platform i.e (Web - chrome, Mobile - Android and IOS) 4) If it helps we already have JIRA for test case management. Does anyone have experience in this aspect and can suggest any tools?

Why do you think there are so few mature AI-driven autonomous pentesting solutions on the market, and why does this topic seem to generate more hype than in-depth technical discussion?

What is your biggest fear with migrating to the cloud?

Data Security44%

Data Migration Complexity32%

Performance Concerns21%

Integration With Other Tools23%

Budget/Cost41%

View Results

Has anyone done a solution comparison between WhatsApp, Signal, Threema and Olvid? If so kindly share - i am looking at parameters like architecture, design, security model, data confidentiality, in-house hosting, privacy & metadata, document sharing, etc.

How frequently do you perform penetration testing of your web applications? Is there a way to automate pen tests as part of the CI/CD process?

Sort by:

Content you might like

What’s your top barrier to adopting AI-driven pentesting?

Why do you think there are so few mature AI-driven autonomous pentesting solutions on the market, and why does this topic seem to generate more hype than in-depth technical discussion?

What is your biggest fear with migrating to the cloud?

Has anyone done a solution comparison between WhatsApp, Signal, Threema and Olvid? If so kindly share - i am looking at parameters like architecture, design, security model, data confidentiality, in-house hosting, privacy & metadata, document sharing, etc.

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

CrowdStrike Outage: Impact And Recovery

Generative AI and Software Engineering Teams: Adoption and Training

Generative AI and ChatGPT: Adoption and Use

DevSecOps: Strategies, Organizational Benefits and Challenges

Take Your Insights On-the-Go