How frequently do you perform penetration testing of your web applications? Is there a way to automate pen tests as part of the CI/CD process?

IT Analyst in IT Services, a year ago
It is recommended to perform penetration testing on web applications at least once a year or after significant changes are made to the application. However, more frequent testing, such as quarterly or monthly, may be necessary for highly critical applications.

As for automating pen tests as part of the CI/CD process, yes, it is possible. This is commonly known as "Continuous Penetration Testing." It involves integrating automated penetration testing tools into the CI/CD pipeline to identify and report vulnerabilities in real time. This helps to ensure that any new vulnerabilities introduced by code changes are detected and remediated early in the development process. There are many commercial and open-source tools available that can be used to automate pen tests as part of the CI/CD process.
CTO in Finance (non-banking), a year ago

Thanks for the update. Will check out tools for the same.
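The answer above describes running automated scans in the pipeline so that vulnerabilities introduced by a code change are caught early. A sketch of the gating step that makes this work, added here as an example and not taken from the thread or from any named tool: the findings format, its field names and the `gate` function are assumptions, and the sample findings are constructed.

```python
import sys

# Constructed report format (not any real scanner's): one dict per finding.
SEVERITY = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

def fingerprint(f):
    # Identify a finding by rule and location so it matches across scan runs.
    return (f["rule"], f["method"].upper(), f["path"], f.get("param", ""))

def gate(current, baseline, fail_at="high"):
    """Split findings absent from the baseline into blocking/deferred; report fixed ones."""
    known = {fingerprint(f) for f in baseline}
    seen, blocking, deferred = set(), [], []
    for f in current:
        fp = fingerprint(f)
        if fp in known or fp in seen:   # already triaged, or duplicate in this run
            continue
        seen.add(fp)
        sev = SEVERITY.get(str(f.get("severity", "")).lower())
        if sev is None or sev >= SEVERITY[fail_at]:
            blocking.append(f)          # unknown severity fails closed
        else:
            deferred.append(f)
    fixed = known - {fingerprint(f) for f in current}
    return blocking, deferred, fixed

# Constructed sample data: findings accepted at the last review, then this run's scan.
BASELINE = [
    {"rule": "missing-csp", "method": "GET", "path": "/", "severity": "low"},
    {"rule": "reflected-xss", "method": "GET", "path": "/search", "param": "q", "severity": "high"},
]
CURRENT = [
    {"rule": "missing-csp", "method": "get", "path": "/", "severity": "low"},
    {"rule": "sql-injection", "method": "POST", "path": "/login", "param": "user", "severity": "Critical"},
    {"rule": "sql-injection", "method": "POST", "path": "/login", "param": "user", "severity": "critical"},
    {"rule": "cookie-no-httponly", "method": "GET", "path": "/", "severity": "medium"},
    {"rule": "odd-finding", "method": "GET", "path": "/x", "severity": "unrated"},
]

def main():
    blocking, deferred, fixed = gate(CURRENT, BASELINE)
    for f in blocking:
        print("BLOCK ", f["rule"], f["method"], f["path"])
    for f in deferred:
        print("TICKET", f["rule"], f["method"], f["path"])
    print("fixed since baseline:", sorted(fixed))
    return 1 if blocking else 0         # non-zero exit fails the pipeline stage

if __name__ == "__main__":
    sys.exit(main())
```

Comparing against a reviewed baseline keeps the build from failing on findings that were already triaged, while anything new at or above the threshold stops the release.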

IT Cyber Security and Compliance in Healthcare and Biotech, a year ago
Remediations are manually performed annually.
Information Security Analyst, 7 months ago
I would say the testing should be done once every new module is brought into the application.
IT Manager in Energy and Utilities, 7 months ago
We normally perform a pen test before the application goes live, then once every year. From my experience, the actual pen test needs variation and hence can’t be easily automated.