Why Automated #Pentesting Can't Replace BAS: The Validation Trade-Off Security Teams Can't Afford

"Vendors claim automated pentesting can replace Breach and Attack Simulation (BAS), but this 'simplification' is actually a coverage regression. Consolidating tools sounds efficient, but skipping simulated attack behaviors leaves your defenses unvalidated until a real adversary strikes."

https://cybersec.picussecurity.com/s/why-automated-pentesting-can-t-replace-bas-the-validation-trade-off-security-teams-can-t-afford-26795

Explore the differences between BAS and automated pentesting, and why neither is sufficient alone. Learn how combining both provides true security visibility.

@InfoSecSherpa

I was initially going to be super dismissive of the article.

I have seen far too many allegedly "professional" #infosec practitioners being irresponsible towards the new threat vector AND attack surface #Ai offers. But the article is solid IMHO.

I will just add that some top-end corpo #vibecode devs use software platform simulacra to test against, including security... presumably

@n_dimension I am just sharing things that I think are interesting. I didn't write them!
@InfoSecSherpa Oh so true! Sadly, all management sees is $$$ as in few of them if they don't have to pay for employees or outside contractors.