Pen Test Self-Assessment Questionnaire — Get Your Score in 10 Minutes

No matter what level you’re at today, it’s always useful to benchmark your program against what others are doing.

Caroline Wong

Caroline Wong is the Chief Strategy Officer at Cobalt. As CSO, Caroline leads the Security, Community, and People teams at Cobalt. She brings a proven background in communications, cybersecurity, and experience delivering global programs to the role.

Pen Test Self-Assessment Questionnaire

From 2013 to 2016, I delivered BSIMM assessments at Cigital (now Synopsys). I met with dozens of organizations around the world, evaluating their software security programs and providing recommendations for how to take their programs to the next level.

If you’re not familiar with BSIMM, here’s the deal:

  • It’s a research study and strategic decision-making tool for executives.

  • Many organizations use the BSIMM to benchmark their application security programs against other organizations in the world and in their particular industry vertical.

  • They also use it to answer the question, “What should we do next?”

There are a whopping 113 application security activities in the model.

One of the most commonly observed activities is “Use external penetration testers to find problems,” but the BSIMM does not provide specific recommendations about how to evaluate a pen test program or what to do to take a pen test program to the next level.

For many organizations, penetration testing is a foundational component of their application security program. While conducting a BSIMM assessment, I was often asked by clients,

“How well is my pen test program performing?”

“How do I take my pen test program to the next level?”

I recently published a Pen Test Self-Assessment Questionnaire to help individuals and organizations answer these questions. You can literally complete the survey in less than 10 minutes and immediately receive a score and tailored recommendations for your pen test program.

We will be using the data collected from this survey to publish a report on the state of application security pen testing. At that time, you’ll be able to compare yourself to the other organizations that completed this questionnaire.

Do you have 10 minutes right now?

Complete the Pen Test Self-Assessment Questionnaire here.
