Automating Retesting to Turbocharge Pen Testing


Last Updated on 5 December 2022 by Alastair Digby

Pentesting is an essential part of any modern security program. It helps ensure your organization’s applications and infrastructure are secure by identifying vulnerabilities in your attack surface.

A critical component of pentesting is a retest, a follow-up assessment that ensures your remediation steps have been successfully implemented. This provides assurances that any vulnerabilities identified no longer pose a security risk and strengthens your security posture. We believe automating retesting adds considerable value to a pen test, enabling more flexibility for security and IT teams to check their remediation efforts when it suits them.

Why is penetration testing important?

Protect yourself from cyber attacks

A successful cyber attack can cost businesses millions of dollars in lost revenue, damaged reputation, and legal fees. In addition, a breach can lead to personal identity theft, financial loss, and even job loss.

Identify weaknesses in your security system

If you’re not sure whether your company has been breached, you should perform a penetration test. This will help identify weaknesses in your security system. It also helps you understand how vulnerable your network is to attack.

Prevent data loss

A penetration test will reveal vulnerabilities in your network. These vulnerabilities can lead to data loss. To prevent this, you need to patch your systems regularly.

Ensure that your website works as intended

If you use a website builder, then you should make sure that your site works as intended before you publish it online. This means that you should check that your site loads quickly, has no errors, and has no broken links. It also means that you should ensure that your site is secure by checking that it uses SSL encryption.

Avoid reputational damage

A good reputation is essential for any business. However, it’s not something that you can just build overnight. You need to work hard to maintain a positive image, and one of the best ways to do this is through regular penetration tests. These tests will help you identify potential security flaws in your site, and you can take steps to fix them before they become an issue.

What is a retest?

As part of the five stages of a pentest, once the initial security assessment has concluded, the process should include a retest. The retest is a secondary evaluation that specifically revisits the vulnerabilities identified in the pentest, the rationale being to see whether those vulnerabilities have been properly remediated.

Naturally, critical and high-risk findings are remediated quickly; however, it is highly advisable to work thoroughly through medium and informational-level risks for added assurance. Your report could include risks that your organization deems acceptable, but if you are in doubt, talk to your pentesters to assess the impact.

The importance of retesting

There are numerous benefits to performing a retest following the initial pentest. It ensures that all the identified vulnerabilities have been successfully remediated and manually validated by a pentester. Once completed, your pentest report will clearly show that all issues have been resolved.

Another benefit of performing a retest is that it is more cost-effective than performing the entire pentest again. Whilst some pentest providers charge for a retest, many don't and include the retest at no extra cost. Typically the retest should be conducted within 30 to 60 days of the initial test. This is to ensure that the application or infrastructure hasn't changed significantly in the meantime, as this could affect the retest findings.

If you are in doubt about whether or not to use a retest, you don't have to look too hard to find a number of high-profile breaches that resulted from pentest findings not being remediated. The retest should therefore be treated as a key stage in the pentesting process, requiring just as much attention as the initial assessment.

Informer’s approach to automating retesting

At Informer, one of our core strategic goals has been to automate the retesting process, giving our clients the capability to retest vulnerabilities as and when they have been remediated.

Typically a retest needs to be booked once remediation has been completed, with a day or two set aside for a pentester to go through the list of vulnerabilities. This approach doesn't always provide the best experience, for a number of reasons:

  • Fixes don’t always remediate a vulnerability on the first attempt, requiring further investigation to resolve the issue
  • Security and IT teams are resource-poor and aren’t able to fix vulnerabilities within the allocated retest time window
  • Critical and high-severity vulnerabilities are triaged as a priority, leading to medium and informational issues not being remediated
  • Other operational security issues outside the pentest divert resources
  • Some pentest vendors charge for a retest, which can deter organizations from having one due to budget constraints

Automating retesting provides a more efficient way to retest pentest findings at a time that suits you. Within our attack surface management platform, you simply navigate to your pentest findings and click the retest button to check each vulnerability has been successfully remediated.

If the vulnerability fix hasn’t worked, you are notified that further remediation is required, and once that has been completed you can hit the retest button again to check that the fix has passed validation. In fact, you can retest the vulnerability as many times as needed, allowing you to fix issues based on your resources and timeframes, not ours.
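The retest loop described above, as an added illustration rather than Informer's platform code: each finding carries the repeatable check that originally proved it, a retest simply re-runs that check against fresh evidence, and the finding's status moves to "remediated" only when the check no longer fires. The two checks (missing HSTS header, version number in the Server banner) and the captured response headers are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List

Evidence = Dict[str, str]  # captured HTTP response headers (constructed samples below)

@dataclass
class Finding:
    ident: str
    severity: str
    # Repeatable verification check: returns True while the weakness is still present.
    still_present: Callable[[Evidence], bool]
    history: List[str] = field(default_factory=list)

    @property
    def status(self) -> str:
        return self.history[-1] if self.history else "open"

    def retest(self, evidence: Evidence) -> str:
        """Re-run the original check; may be called as many times as needed."""
        self.history.append("open" if self.still_present(evidence) else "remediated")
        return self.status

def _lower(ev: Evidence) -> Dict[str, str]:
    return {k.lower(): v for k, v in ev.items()}

def missing_hsts(ev: Evidence) -> bool:
    return "strict-transport-security" not in _lower(ev)

def server_version_disclosed(ev: Evidence) -> bool:
    return any(c.isdigit() for c in _lower(ev).get("server", ""))

def new_findings() -> List[Finding]:
    # Hypothetical findings from an initial pentest report.
    return [Finding("F-1", "high", missing_hsts),
            Finding("F-2", "medium", server_version_disclosed)]

def run_retest(findings: List[Finding], evidence: Evidence) -> Dict[str, str]:
    """Retest every finding; 'open' means the fix has not passed validation."""
    return {f.ident: f.retest(evidence) for f in findings}

def still_open(findings: List[Finding]) -> List[str]:
    return [f.ident for f in findings if f.status == "open"]

if __name__ == "__main__":
    findings = new_findings()
    # First fix attempt only added HSTS, so the medium finding stays open.
    first_fix = {"Server": "nginx/1.18.0", "Strict-Transport-Security": "max-age=31536000"}
    print(run_retest(findings, first_fix), "needs work:", still_open(findings))
    # Second attempt also strips the version from the banner; everything passes.
    second_fix = {"Server": "nginx", "Strict-Transport-Security": "max-age=31536000"}
    print(run_retest(findings, second_fix), "needs work:", still_open(findings))
```

Because each check is tied to the finding rather than to a pentester's calendar, the same harness can be re-run after every fix attempt and the history list shows when each issue finally passed.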