An application penetration test (commonly called an “app pen test”) is a black-box security testing exercise that assesses the security of an application with authorization from the creator of the software. In a black-box app pen test, the tester is granted access to the application and provided with credentials (e.g., username, password, token) to use it. The goal is to find security issues before vulnerabilities are passed on to customers.

As a leading provider of application security consulting assessments, AT&T Security Solutions witnesses first-hand the challenges organizations face when it comes to application security. We also see many organizations succeed in achieving better security by taking a proactive approach. Let’s take a look at some of the primary benefits of proactively conducting an app pen test:

  1. It is a good snapshot test that picks up the security issues missed during the previous stages of development.
  2. It is a reliable test of how the application interacts with the deployment environment and helps catch potential issues before apps are deployed into production.
  3. Testing may be mandated as part of due diligence required by a compliance program — either internal or industry-mandated (e.g., PCI DSS, HIPAA, PCI PA-DSS, SOX).
  4. It can serve as a verification of security in the Software Development Life Cycle (SDLC), showing whether the organization’s security measures are changing the security bugs that reach the application.
  5. It gives customers confidence in the product that is being tested and builds trust with the user base.

Does your organization take advantage of the application penetration test before deployment? Do you know other reasons organizations should engage in app pen tests? Please share your experiences and insights in the comments.