DEV Community

Intesar Mohammed
Intesar Mohammed

Posted on

Is web penetration testing worth it?

One of our clients is forcing us to share a web penetration testing report. We do all kinds of security testing ourselves, but they wouldn't accept our reports. The client policy requires the vendors to share a third-party report. I spoke to a bunch of penetration testing companies. It seems they do basic tests and charge ridiculously high. My question is, is it worth doing web penetration testing? Has anyone found it helpful beyond the checklist need?

Top comments (3)

Collapse
 
_wli profile image
William Li

Since it is your client's audit process then it's more of a hard requirement than something you can decide. You can always forward the charges to your client and present them with a list of third party vendors to pick from. Also, it will be these third parties's asses on the line if the site is penetrated later after deployment.

Collapse
 
samuleduke profile image
samuleduke

Yes, web penetration testing is definitely worth it, especially if you have a website or web application that handles sensitive data. Penetration testing can help you identify and fix security vulnerabilities before they are exploited by attackers. There are many reputable penetration testing companies that can help you with this task. When choosing a penetration testing company, be sure to consider their experience, expertise, and reputation.

Collapse
 
ninjainpajama profile image
ninja in pajama • Edited

@intesar hire an Indian company, It may be cheap in price.