Penetration testing is a decades-old technique. It was pioneered by the RAND Corporation and the US government in the 1960s in response to burgeoning concerns that data carried on emerging computer networks would be intercepted. RAND employed “tiger teams” that used adversarial techniques to identify vulnerabilities in computer systems.
Since then, the practice of employing ethical hackers to find weaknesses in cyber defenses before an attacker has the chance to discover them has remained fundamentally the same.
However, the way testing is done and the environment in which it takes place have changed beyond recognition.
Pen testing regulations
Penetration testing is now both a regulatory requirement and a regulated industry. For example, penetration testing is a mandatory requirement for certification under ISO 27001, the internationally recognized standard for information security management systems.
National governments mandate penetration testing for systems used in the public sector and have set up schemes to regulate the provision of pentesting services. One of these is the CHECK scheme run by the National Cyber Security Centre in the UK.
Such schemes create hurdles to market entry for pentesting service providers but offer essential assurance to customers that the services they’re paying for are both ethical and reliable.
Pen testing in Singapore
Bugcrowd introduced enhancements to its Penetration Testing as a Service (PTaaS) in several major markets last year, and it’s now available in Singapore, as Bugcrowd has successfully obtained the necessary government approvals.
Our licence from the Cybersecurity Services Regulation Office saves potential customers the time and expense of having to undergo a longer due diligence process when selecting a pentesting supplier. Working with licensed suppliers is mandatory for government departments and recommended for other organizations.
Regulation is one way to reduce the overhead costs of cybersecurity for customers, but there is much more that suppliers need to do.
As computer networks have become firmly established as essential to the world's functioning and information has become a global currency, managing cybersecurity programs has become a significant challenge for organizations of all kinds.
Having offered pentesting services for years, Bugcrowd’s ability to provide a crowdsourced solution is not the only thing that sets us apart. At the heart of our PTaaS is a commitment to reducing the management overhead for pen tests, thus reducing the amount of work that our clients have to put in.
Legacy pen test solutions are slow, non-transparent, and low impact, and other PTaaS providers deliver what are often only shallow vulnerability assessments. Our rivals also struggle to access the breadth and depth of pentester skills that many customers need. At Bugcrowd, our customers can buy, set up, and launch a human-driven, high-impact pen test because they can access a team matched to their precise needs with just a few clicks, cutting configuration time from days to hours.
With no let-up in the volume and intensity of cybersecurity threats, customers are no longer focused solely on suppliers’ ability to discover vulnerabilities; customers also value suppliers’ ability to reduce the management overheads associated with ensuring and enhancing cybersecurity.
At Bugcrowd, we're committed to bringing this simplicity and effectiveness not only to pentesting but to the range of services we offer.