At VDA Labs we do a variety of technically deep security services for our customers, from product assessments to incident response, training, and more. One of the things we love to do is enterprise pentesting. Sometimes customers are unsure which portions of a pentest they should have done. There are many things that need security testing: external systems and controls, applications, technical social engineering, physical bypasses, internal servers, endpoints, embedded systems, wireless, and more.
We’re happy to do each portion separately as part of any given pentest, and organizations will regularly pick only some of the possibilities to control cost or timing. However, when everything is in scope, customers see more value. As an example, we recently did such a “full scope” pentest, and we learned things in each phase that were valuable. Those nuggets helped us penetrate deeper during other portions of our ethical hacking. Because the customer saw the value of including many pieces in the testing scope, they learned about bugs that no pentester could have found if they had ordered only a limited-scope pentest.
Picture it this way: “Can you get past this door?” vs. “Can you get into this building?” You learn more by asking the second question, because sometimes another part of the building holds the clues you need to get through the door.