DAST
Continuously monitor web applications for vulnerabilities at scale with Cobalt Dynamic Application Security Testing (DAST).

3 Key Factors for Improving a Pen Test

Lessons learned from collecting and implementing feedback from over 300 pen tests

When looking at how to improve a pen test, there is one element that traditional pen testing models commonly overlook and that can enhance the overall experience: making feedback an explicit step in the pen testing process.

Feedback drives performance and is used as a basis for improvement in many companies. Using customer input to improve a product or service is not a new concept. In general, if customer feedback is received, assessed, and implemented on a regular basis, you create a product or service that your customers will want to keep using and that others with similar needs will want to benefit from as well.

The same goes for pen testing. After a pen test is completed you should assess what went well and what didn't. The overall goal should be to improve the way things are currently being done so that future testing aligns with your needs. Pen testing isn't a one-size-fits-all model, which is why Cobalt sees the importance of each individual customer's feedback and has made it a crucial part of our overall pen testing process. Let's explore a few key factors for improving a pen test by utilizing feedback:

1. Understand what worked and what didn’t work

A major benefit of adding feedback to pen testing is being able to address what you liked and didn't like about the process, the platform, and the people. Acknowledge where there is need for improvement, analyze what will help going forward, and recognize what went well. This helps ensure you're getting the most value out of your pen tests moving forward.

At Cobalt, feedback is collected via a 5-question survey, followed by a call to dive deeper into the survey responses, address any issues, and align on action items and expectations for the future.

2. Create an environment that promotes open communication

For companies like Lyft and Airbnb, this embedded communication process has become an essential part of making their platforms successful and ensuring scalable quality. It's done through what is referred to as a two-way rating system: a star rating built into the process for both buyers and sellers. On both sides, ratings help people trust that the solution meets expectations, and they allow everyone to communicate their opinion of the service and the platform.

Cobalt has applied this two-way feedback system to penetration testing. You as a customer provide feedback, and the Cobalt team offers insights on how to improve these aspects and make better use of the platform.

Ensuring that all parties involved are able to voice their opinion about a product or service in a constructive and meaningful way gives a holistic view of how the process or platform is used and how to make it better.

3. Time & timing is important

Everyone's time is valuable and there never seems to be enough of it. This is why at Cobalt we try to keep the feedback step as efficient as possible: a short survey and a phone call. Timing is also key. Typically we aim to collect feedback a week or two after testing is complete, while questions, concerns, and comments are still fresh and can be addressed promptly.

Utilizing feedback allows individuals to voice their impressions openly and constructively. When applied to pen testing, this strengthens security efforts, specifically by improving the process of resolving vulnerabilities. No two companies will have the same view, and all input adds value.

In case you missed the previous step in the pen testing process, here are Best Practices for Verifying Vuln Fixes.

About Kevin Bourne
Kevin is an experienced Sales and Customer Success leader with a demonstrated history of consistently exceeding quota in the computer software and financial services industries. He's passionate about helping companies realize the full potential of their security programs to enable secure access to company data from anywhere.