Penetration Testing Adoption and Best Practices 2020

February, 2020


Penetration testing is an important element of IT security best practices. However, by itself, penetration testing is insufficient. It needs to be part of a robust and iterative process, in combination with the other security best practices to make it a formidable defensive weapon. In this report, we look at the maturity of penetration testing as an IT discipline. We assess current adoption trends by organization size and sector. We conclude with practical advice on best practices for conducting penetration tests. (15 pp., 6 fig)