If you are looking for a good read, look no further than Rapid7’s Under the Hoodie report (pdf), which details the results of 268 pen tests across all sorts of industries and organization sizes — 251 of which involved live, production network tests. The findings highlight external and internal weaknesses to better shore up defenses against real attackers, as well as include entertaining tales from penetration testers.
Overall, most of Rapid7’s pen testers managed to fly under the radar and remain undetected on 61 percent of all engagements.
