Why a penetration test?
Of course, conducting a penetration test has one primary benefit: vulnerabilities are uncovered before a malicious attacker can exploit them. But there are also other reasons why companies have a penetration test carried out. In addition to the intrinsic motivation from within the company to improve its own IT security, these are all external reasons:
As a company, you are contractually forced by your own customers (other companies) to have a penetration test carried out. This is particularly common when developing software or offering cloud solutions that process personal data or other sensitive data. The typical DAX 30 companies in particular are relatively strict in their security requirements for their commissioned service providers.
The implementation of security standards or norms often requires conducting penetration tests. The ISO27001 and PCI DSS are the prime examples.
In addition to the GDPR, the requirements for KRITIS operators, the KBA for iKFZ applications, security requirements for digital health applications (DiGa App), etc. ensure that penetration tests are carried out.
Last modified: Nov. 15, 2022