In a surprisingly detailed 20+ page report titled “UNDER THE HOODIE: Actionable Research from Penetration Testing Engagements”, Rapid7 – provider of tools such as Metasploit and Nexpose – is sharing some very interesting insights into the choices being made by companies in their penetration testing and what the testers are uncovering. Released just moments ago, this research report provides details on:
- how much organizations budget for pen testing engagements;
- what information organizations are most interested in protecting, despite the recent uptick in online industrial espionage;
- what percentage of sites are free of exploitable vulnerabilities;
- the easiest ways for attackers to execute their attacks; and
- how often pen tests successfully identify and exploit software vulnerabilities.
The statistics provided will likely help many companies refine or initiate their own penetration testing. The findings are based on 128 penetration tests that the company conducted in Q4 of 2016. They reveal many interesting, and some surprising, details on testing choices such as: