Penetration Testing: how do you get the most from your budget?
Author: Akimbo_Ops Published: 27 October 2022 Last Updated: 03 November 2022
Ok, we get it: everyone is under pressure to squeeze every penny of value from any company expenditure nowadays. No one has any slack in the budget; it's always time to sweat the suppliers. So, how can you obtain the best value from your Penetration Testing spend?
Here at Akimbo Core we have a few ideas:
It's smart to prepare for an engagement in advance to get the most out of your assessment. If you have a test starting soon, has the tester asked for testing accounts? Are these ready?
All too often Akimbo Core testers waste most of a billable day waiting for access to a system… the clock is ticking but no one has thought ahead. It's smart to prepare for an engagement in advance and fill those agreed days. For example, we've had customers leave testers who are ready to get started waiting in reception, ticking down the clock!
Be sure the tester is aware of everything they need to know.
Have you disclosed everything you need us to test? Your web-apps? Your servers and systems? Your Cloud? If things are forgotten or added on at the last minute, this will add to the cost. Think carefully, especially if you are responsible for a wide range of systems. Whilst there are benefits to a "closed book" approach to security testing, it's not always the best approach. If you're going for an open book approach, don't drop hundreds of pages of documentation on the tester just before they're due to get started - get it over in advance so we can arrive ready to go.
Minimise Onsite Testing
Sometimes onsite testing just can't be avoided – your infrastructure needs testing carefully. But having a skilled tester travel to your location and stay for a number of days will bring the cost of expenses with it. Whilst every effort is made to minimise these, they can still add up. Most aspects of penetration testing can be conducted remotely – take advantage of this where you can. There's always the option of getting the tester onsite for the first day or so of the engagement, then conducting the rest of the assessment remotely.
Book some days in advance and bank them.
Day rates within the industry are only heading in one direction, and booking a day or two here and there exposes you to price rises over the year. So why not have a think about the total number of days testing you might need, purchase them in advance and agree that you will call on these as required? It means less paperwork, fewer purchase orders and it’s a great comfort to know you can call on us without any last-minute negotiations.
It's often easy to over-focus on the technical side of penetration testing, but it's important to keep delivery and operations in mind when planning your assessment. The better you plan for your engagement, the more value we can deliver for you.