M.26) Penetration testing

Category:        Corporate and Product Security

Responsible:   PSR, CSR

Effort:              5 hours every 6 months

Based on:       BSI IT Grundschutz M 5.150, M 2574

The CSR and PSR should regularly test the infrastructure and the product for security weaknesses by attacking them. This should be done at the technical level, with specialised operating systems like Kali Linux and tools like Metasploit, OWASP ZAP or Burp Suite, and also at the interpersonal level, using phishing attacks (via email or phone).

All vulnerabilities found need to be analysed (5 Whys), evaluated and fixed. The results should be presented to the employees so that they can also learn from the penetration test.

 
