by dossy
1508 days ago
If you know enough to do your own vulnerability scanning, code auditing, and testing -- and have the human capital/available time in your schedule to do it yourself -- then the answer is probably "no" from an actual security perspective. However, there are many teams who either don't have the knowledge/expertise, or the available time, to do the testing themselves. This is where "buying it off the shelf" can come in handy. Then, there are teams that are completely clueless when it comes to application security, and even the most basic scan by any of these pen testing vendors will find very obvious security defects, which is absolutely valuable for them to learn about. This is the minimum bar that we should hold software application developers to, and there are many who don't even meet this without the assistance of reports from pen testing vendors. Scary, but true. So, YMMV.

Thanks!