Ah okay, I see the confusion. A lot of people think pen testing is just “try to break into our app” or “try to get into our network” but those are usually narrow scope pen testing.
If you truly want to test your security, you can never rule out physical access. You could have the most secure network in the world and it would mean nothing if you kept it in an unlocked room in a publicly accessible area.
And you’d be surprised by the number of times pen testers gain access to those rooms because of human mistakes.
Interesting. It sounded kind of ridiculous to me, I guess I didn’t consider gaining access to a building or something.
Ah okay, I see the confusion. A lot of people think pen testing is just “try to break into our app” or “try to get into our network” but those are usually narrow scope pen testing.
If you truly want to test your security, you can never rule out physical access. You could have the most secure network in the world and it would mean nothing if you kept it in an unlocked room in a publicly accessible area.
And you’d be surprised by the number of times pen testers gain access to those rooms because of human mistakes.