COMMENTARY

When automated pen-testing tools first appeared a few years ago, they prompted an interesting question: How close are they to replacing human pen testers?

While the short answer was "not that close — yet," they definitely had potential and were worth keeping an eye on.

Evolving Automated Pen-Testing Tools

As I’ve just had the chance to review the latest iteration of these tools, it’s interesting to see how they’ve evolved. The rate of change is glacial, but they now understand cloud environments and can target Web applications, though they are still temperamental, costly, and miss a few things. One could argue humans are the same. For now, however, humans maintain the advantage — but they aren’t mutually exclusive.

Just like crowdsourced security and traditional pen testing, automated pen testing is now another tool that can be layered onto your offensive security testing, where it can help you find the exploits that matter to your organization.