There are potential risks involved with performing penetration tests,
but the benefits can outweigh the risks. There are risks similar to
those that can crop up during an in-depth vulnerability scan, and the
exploitation steps that a skilled pen tester might take can pose
For example, using a well-known exploit could carry
less risk than using a custom-developed exploit, where the results of execution
are unknown. To protect against potential penetration test risks,
companies should ensure they have adequate backup plans
in case an application or servers fail, or data is deleted or corrupted
as a result of a pen test.
Companies should also have tools in place to
detect problems with the systems in the pen test so the systems can be
recovered quickly. The tests could also be limited to off hours or production downtime windows to limit potential risks.