DEV Community

Intesar Shannan Mohammed
Intesar Shannan Mohammed

Posted on

Is web penetration testing worth it?

One of our clients is forcing us to share a web penetration testing report. We do all kinds of security testing ourselves, but they wouldn't accept our reports. The client policy requires the vendors to share a third-party report. I spoke to a bunch of penetration testing companies. It seems they do basic tests and charge ridiculously high. My question is, is it worth doing web penetration testing? Has anyone found it helpful beyond the checklist need?

Discussion (2)

Collapse
_wli profile image
William Li

Since it is your client's audit process then it's more of a hard requirement than something you can decide. You can always forward the charges to your client and present them with a list of third party vendors to pick from. Also, it will be these third parties's asses on the line if the site is penetrated later after deployment.

Collapse
ninjainpajama profile image
ninja in pajama • Edited on

@intesar hire an Indian company, It may be cheap in price.