Penetration tests are not a one-time activity; they should be performed regularly (at least once a year) to keep IT and network security management consistent and to reveal how newly discovered threats (0-days, 1-days) or emerging vulnerabilities could be exploited by malicious hackers.
In addition to the regularly scheduled analyses and assessments required by regulations such as the GDPR, PCI-DSS, etc., tests should also be performed whenever:
new network infrastructure or applications are added;
significant infrastructure or application updates or changes are applied;
new office locations are established;
security patches are applied;
end-user policies are changed.
The importance of retesting
Retesting involves running exactly the same tests as in the previous pen test session to verify that remediation efforts have been successful.
Even simple errors, such as not rebooting the system after applying a patch, can cause a weakness to persist. Retesting against the initial test baseline ensures that improvements have actually been implemented and that security loopholes have been closed.
While it may seem like a lot of effort to redo a test that has already been completed, the retesting process should be streamlined and more efficient than the original. Third-party services typically provide detailed reports on the actions taken during the first test, which can be used as precise instructions for what to do in the retest.
Comparing the reports of both tests should not only show that the known weaknesses have been fixed, but should also reveal whether any new vulnerabilities have been introduced.
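The comparison described above is easiest to do mechanically: key each finding by host, port and vulnerability identifier, then classify every entry as remediated (in the baseline only), persisting (in both) or new (in the retest only). The script below is an added example and is not from the article or any testing vendor; the report format (a list of findings with `host`, `port`, `id` and `severity` fields) and the sample findings are constructed for illustration, and the persisting SSH finding models the "patched but never rebooted" case the text mentions.

```python
"""Compare a baseline pen-test report with a retest report.

Added example, not from the original article. The finding format is an
assumption: a list of dicts with host, port, id and severity fields,
which is roughly what most scanners export after a little cleanup.
"""

# Constructed sample data (not real hosts, services or results).
BASELINE = [
    {"host": "10.0.0.5", "port": 443, "id": "TLS-WEAK-CIPHERS", "severity": "medium"},
    {"host": "10.0.0.5", "port": 22, "id": "SSH-OUTDATED", "severity": "high"},
    {"host": "10.0.0.9", "port": 80, "id": "DIR-LISTING", "severity": "low"},
]

RETEST = [
    # Patch was applied but the host was never rebooted, so the finding persists.
    {"host": "10.0.0.5", "port": 22, "id": "SSH-OUTDATED", "severity": "high"},
    # A service added since the first test, with a new finding of its own.
    {"host": "10.0.0.9", "port": 8080, "id": "DEFAULT-CREDS", "severity": "critical"},
]


def finding_key(finding):
    """Identity of a finding: same host, same port, same vulnerability id.

    Severity is deliberately not part of the key, so a finding that was
    merely re-rated between reports still matches its baseline entry.
    """
    return (finding["host"], finding["port"], finding["id"])


def compare_reports(baseline, retest):
    """Classify findings as remediated, persisting or new.

    Returns a dict of three sorted lists of finding keys so the result is
    deterministic and easy to drop into a retest report.
    """
    base = {finding_key(f): f for f in baseline}
    after = {finding_key(f): f for f in retest}
    return {
        "remediated": sorted(k for k in base if k not in after),
        "persisting": sorted(k for k in base if k in after),
        "new": sorted(k for k in after if k not in base),
    }


def retest_passed(result):
    """The retest closes out only if nothing persisted and nothing new appeared."""
    return not result["persisting"] and not result["new"]


def render(result):
    """Plain-text summary suitable for pasting into the retest report."""
    lines = []
    for label in ("remediated", "persisting", "new"):
        lines.append(f"{label} ({len(result[label])}):")
        for host, port, vuln_id in result[label]:
            lines.append(f"  {host}:{port} {vuln_id}")
    lines.append("status: " + ("PASS" if retest_passed(result) else "FAIL"))
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(compare_reports(BASELINE, RETEST)))
```

Keying on host, port and identifier rather than on the raw report line is what makes the diff meaningful: a finding that a scanner re-words or re-rates still lines up with its baseline entry, while a genuinely new exposure on a new port shows up under "new" instead of being mistaken for the old one.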