One of our clients is forcing us to share a web penetration testing report. We do all kinds of security testing ourselves, but they wouldn't accept our reports. The client policy requires the vendors to share a third-party report. I spoke to a bunch of penetration testing companies. It seems they do basic tests and charge ridiculously high. My question is, is it worth doing web penetration testing? Has anyone found it helpful beyond the checklist need?
For further actions, you may consider blocking this person and/or reporting abuse
Top comments (3)
Since it is your client's audit process then it's more of a hard requirement than something you can decide. You can always forward the charges to your client and present them with a list of third party vendors to pick from. Also, it will be these third parties's asses on the line if the site is penetrated later after deployment.
Yes, web penetration testing is definitely worth it, especially if you have a website or web application that handles sensitive data. Penetration testing can help you identify and fix security vulnerabilities before they are exploited by attackers. There are many reputable penetration testing companies that can help you with this task. When choosing a penetration testing company, be sure to consider their experience, expertise, and reputation.
@intesar hire an Indian company, It may be cheap in price.