Earlier this week we heard from ckirsch, Senior Product Marketing Manager for Metasploit at Rapid7, on the pressure penetration testers are facing. (Hint: it's a lot!). With the increase in high profile breaches and their costs, more and more emphasis is being put on the pen tester and security in general. Read on if you'd like to get the top takeaways from this week's webcast so that you aren't left in the dark about, "7 Ways to Make Your Penetration Tests More Productive":

  1. Pen testers are in higher demand than ever – Pen testers are extremely highly skilled professionals. Hard to train, harder to find. With the latest developments to PCI enforcing stricter rules around penetration testing methodologies, remediation, and re-testing, pen test costs will be high and the tester's time will be extremely valuable since schedules will book up quickly as organizations clamber to prepare for their audits. This means that security professionals must increase productivity and do more with the same resources, or use expertise in more meaningful ways to get the job done. Increased productivity will allow them to complete more assessments, reduce backlog, enable businesses more quickly, and increase their own market value.
  2. Automation Scalability = Time SavingsWith Metasploit Pro, pen testers can save 45% of their time through many simplified and expedited processes that don't sacrifice quality or thoroughness. You can even set up your own custom workflows to automate additional processes. In particular, the tool allows for automated:
    • Tracking of all data (large sets gathered by both Metasploit and outside sources included!)
    • Baseline pen tests
    • Web app tests
    • Vulnerability validation
    • Post-exploitation modules
    • Social engineering
  3. Reporting is king – Reporting can be the biggest headache when it comes time to pen test your network. Metasploit Pro tracks every action of a pen test for easy audit trails. Some popular reports include compromised hosts, credentials, web app testing, PCI DSS, and FISMA. Features like this allow security professionals to be more efficient and focused fully on their assessment.

To learn how your organization can be more secure by making penetration test processes more productive, efficient, scalable, and automated, and to see a demonstration of how each of the 7 tips can be accomplished in Metasploit Pro, view the webcast on-demand now.