{"id":1090,"date":"2024-09-16T08:00:00","date_gmt":"2024-09-16T15:00:00","guid":{"rendered":"https:\/\/www.cycognito.com\/blog\/?p=1090"},"modified":"2025-04-14T09:30:49","modified_gmt":"2025-04-14T16:30:49","slug":"common-security-testing-approaches-leave-gaps-heres-how-to-find-them","status":"publish","type":"post","link":"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/","title":{"rendered":"Common security testing approaches leave gaps. Here\u2019s how to find them."},"content":{"rendered":"\n<p>Gaps in your security testing program are likely more than simply missed assets. Infrequent testing and even low test accuracy are also gaps, and can be just as bad or worse.<\/p>\n\n\n\n<p>Gaps happen despite the best efforts of everyone involved. The good news is that, with some strategic adjustments, you can reduce gaps using tools you likely already have deployed.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Visualize Your Security Testing Timeline<\/h2>\n\n\n\n<p>In order to make improvements you need to first understand where you are. An effective way to assess your security testing is by thinking of it as woven cloth. IP addresses and web apps are threads running horizontally. Test schedules are threads running vertically. The intersections represent critical points in your network where testing occurs for each asset.<\/p>\n\n\n\n<p>Figure 1 is an example, with circles, squares and triangles to represent <a href=\"https:\/\/www.cycognito.com\/glossary\/vulnerability-scanners.php\">network vulnerability scanning<\/a>, <a href=\"\/learn\/application-security\/dynamic-application-security.php\">dynamic application security testing (DAST)<\/a> and <a href=\"https:\/\/www.cycognito.com\/glossary\/penetration-testing.php\">penetration testing<\/a>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1280\" height=\"866\" src=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Blog-Graphic-v2-1280x866.webp\" alt=\"\" class=\"wp-image-1159\" srcset=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Blog-Graphic-v2-1280x866.webp 1280w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Blog-Graphic-v2-512x346.webp 512w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Blog-Graphic-v2-768x520.webp 768w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Blog-Graphic-v2-1536x1039.webp 1536w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Blog-Graphic-v2-2048x1386.webp 2048w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><\/figure>\n\n\n\n<p class=\"caption\">Figure 1 \u2013 Ten Week Security Testing for Seven Assets<\/p>\n\n\n\n<p>In this example, App 2 and IP address 192.168.1.3 aren\u2019t tested at all. 192.168.1.2 is missing vulnerability scanning at week 6 and week 8. And 192.168.1.4 is tested on a much different frequency than the rest. This is the what. In order to understand the why, you will need to dig further into the business function of these assets and review test policies.<\/p>\n\n\n\n<p>A well-coordinated testing program resembles a tightly woven blanket, where most intersections are covered by colored dots. What you don\u2019t want is a testing program that resembles a worn-out rug; great when new, but worn thin and no longer fit for its purpose.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Coverage, Frequency and Accuracy Gaps = Holes in the Cloth<\/h2>\n\n\n\n<p>Gap management is a constant juggling act. Your security teams have to adjust asset coverage, test frequency and test accuracy; it\u2019s not uncommon to address only one or two out of the three (or none).<\/p>\n\n\n\n<p>It\u2019s not just your company. In a 2023 survey of 304 InfoSec teams, <a href=\"https:\/\/www.cycognito.com\/resources\/reports\/forrester-teamwork-shines-a-light-on-hidden-external-risk\/\">81% rate security testing as important<\/a> but fail to meet expectations for risk management. Gaps aren\u2019t just the result of budget or time issues. Tool complexity, lack of integration, staff skills differences, and fragmented communication are the realities of today\u2019s large IT security teams; any of which can contribute to unwanted risk.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Benefits of Reducing Security Testing Gaps<\/h2>\n\n\n\n<p>By removing gaps, you can build greater efficiency into your processes, leading to several key advantages:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Improved risk management. <\/strong>Frequent testing and full coverage are essential for addressing potential vulnerabilities promptly and lowering your mean time to remediation (MTTR).<\/li>\n\n\n\n<li><strong>Better decision making. <\/strong>Full testing provides data that informs strategic decisions and builds a confident answer to \u201chow protected are we\u201d board-level questions.<\/li>\n\n\n\n<li><strong>Accurate KPIs.<\/strong> Executive leadership needs accurate exposure measurements \u2013 this is only possible with if security testing gaps are low.<\/li>\n\n\n\n<li><strong>Cost efficiency.<\/strong> Early detection and remediation of security issues are considered less expensive than dealing with breaches or vulnerabilities after they have been exploited.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">You\u2019ve Most Likely Taken These Approaches<\/h2>\n\n\n\n<p>Let&#8217;s use the three previously mentioned testing approaches as the basis of an example. According to <a href=\"https:\/\/static.fortra.com\/core-security\/pdfs\/guides\/cs-2023-pen-testing-report-gd.pdf\">Fortra\u2019s 2023 Penetration Testing Report<\/a>, network vulnerability scanning is deployed in 87% of surveyed organizations and penetration testing is deployed in 69%. <a href=\"https:\/\/www.cycognito.com\/resources\/reports\/cycognito-state-of-web-application-security-testing-2024\/\">CyCognito\u2019s 2024 State of Web Application Security Testing Report<\/a> found DAST is utilized on roughly 50% of deployed web apps.<\/p>\n\n\n\n<p>InfoSec teams attempting to reduce gaps with these approaches likely do the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Adjust the coverage and frequency of vulnerability scans; tune policies periodically.<\/li>\n\n\n\n<li>Carefully expand DAST for more web apps, some running in production.<\/li>\n\n\n\n<li>Broaden the scope of red teams\/penetration testing or add (occasional) bug bounties.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>The goals are spot on. The challenge is in execution. A sound gap reduction strategy involves <em>layered, coordinated testing<\/em>. Test coverage, frequency, and accuracy need to be considered simultaneously, not independently. Without coordination, your efforts create more test data but you won\u2019t know where the gaps are nor inform your next path of action should your budget or priorities change.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Instead, Use This Five Step Workflow<\/h2>\n\n\n\n<p>A methodical approach to reducing gaps pays dividends long term. Repeat this workflow monthly or quarterly to ensure gaps remain minimized.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Gauge your CMDB confidence. <\/strong>Assess your confidence in your asset database, focusing on exposed IP addresses and web apps.&nbsp;<\/li>\n<\/ol>\n\n\n\n<p>Why? Asset management is difficult. Only 30% of IT ops and security teams express 80-95% confidence in their network connected endpoints (<a href=\"https:\/\/www.tanium.com\/blog\/configuration-management-database-cmdb\/\">Tanium<\/a>, 2023); <a href=\"https:\/\/noeticcyber.com\/cmdb-best-practices\/\">others<\/a> say CMDB\u2019s are often only 60% accurate.&nbsp;<\/p>\n\n\n\n<p>If you have low confidence in your CMDB, consider it a red flag for your entire gap reduction effort (and let&#8217;s be honest, low confidence means less than 95%).<\/p>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li><strong>Gather testing data. <\/strong>This includes the scope and cadence of tests as well as the IPs, subnets and web apps in which they are applied.<\/li>\n\n\n\n<li><strong>Map your security testing on a timeline.<\/strong> Plot assets (by IP or app FQDN), test frequency (by week), and test type. A spreadsheet or python pyplot works well for this.<\/li>\n\n\n\n<li><strong>Find the gaps. <\/strong>Carefully evaluate all intersections. Look not only for assets without testing but also long gaps between tests and mismatched test types. You may need to break up or group the data to make it more consumable.<\/li>\n\n\n\n<li><strong>Adjust your testing. <\/strong>Focus on your most serious gaps first. Maybe a new vuln scan policy in the third week of the month reduces your gap by 30%. Or a DAST policy is targeting the wrong system. Or your pen testing and bug bounties miss a set of critical assets completely.&nbsp;<\/li>\n<\/ol>\n\n\n\n<p><strong>Want to move to the next level? <\/strong>Add service and business context to the asset in order to inform your priorities. For example, IP address 192.168.1.3 may deliver a web application (port 80\/443) and FTP (port 21\/990). List these services along with an estimate of business impact \u2013 for example, the web app may handle e-commerce or support a business-critical API.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Reduce Gaps Through Smart, Coordinated Security Testing<\/h2>\n\n\n\n<p>With a well-coordinated testing approach, you can turn your security testing fabric into a tightly woven defense, reducing your risk and improving your organization\u2019s resilience against cyber threats.<\/p>\n\n\n\n<p><strong>What are your testing gaps?<\/strong> Answer a few questions about your use of three security technologies and receive a customized report using the <a href=\"https:\/\/www.cycognito.com\/security-gap-calculator\/\">CyCognito security gap calculator<\/a>.<\/p>\n\n\n\n<hr \/>\n\n\n\n<p>CyCognito helps Fortune 500 organizations eliminate security testing gaps in their external attack surface through continuous discovery, monitoring and active security testing, delivered as a fully automated service.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Gaps in security testing involve more than missed assets &#8211; infrequent and inaccurate security testing can be just as big. This blog provides a five-step plan to help you find testing gaps and tighten your testing program, improving risk management, decision-making, and cost efficiency. A must-read for anyone looking to strengthen their security across their external attack surface.<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[206],"tags":[181,180,34,72,49],"class_list":["post-1090","post","type-post","status-publish","format-standard","hentry","category-strategy","tag-dast","tag-gap","tag-pen-testing","tag-security-testing","tag-vulnerability-management"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Common security testing approaches leave gaps. Here\u2019s how to find them. | CyCognito Blog<\/title>\n<meta name=\"description\" content=\"Security testing approaches often leave gaps. Through smart adjustment of coverage, frequency and accuracy you can increase your resilience to cyber threats.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Common security testing approaches leave gaps. Here\u2019s how to find them.\" \/>\n<meta property=\"og:description\" content=\"Security testing approaches often leave gaps. Through smart adjustment of coverage, frequency and accuracy you can increase your resilience to cyber threats.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/\" \/>\n<meta property=\"og:site_name\" content=\"CyCognito Blog\" \/>\n<meta property=\"article:published_time\" content=\"2024-09-16T15:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-04-14T16:30:49+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/banner-blog-2024-08-29-2400x1256-email.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2400\" \/>\n\t<meta property=\"og:image:height\" content=\"1256\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Jason Pappalexis\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jason Pappalexis\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/\"},\"author\":{\"name\":\"Jason Pappalexis\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/d24c88adb69cc9e8748425394054a55b\"},\"headline\":\"Common security testing approaches leave gaps. Here\u2019s how to find them.\",\"datePublished\":\"2024-09-16T15:00:00+00:00\",\"dateModified\":\"2025-04-14T16:30:49+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/\"},\"wordCount\":1061,\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Blog-Graphic-v2-1280x866.webp\",\"keywords\":[\"DAST\",\"Gap\",\"Pen Testing\",\"Security Testing\",\"Vulnerability Management\"],\"articleSection\":[\"Strategy\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/\",\"name\":\"Common security testing approaches leave gaps. Here\u2019s how to find them. | CyCognito Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Blog-Graphic-v2-1280x866.webp\",\"datePublished\":\"2024-09-16T15:00:00+00:00\",\"dateModified\":\"2025-04-14T16:30:49+00:00\",\"description\":\"Security testing approaches often leave gaps. Through smart adjustment of coverage, frequency and accuracy you can increase your resilience to cyber threats.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/#primaryimage\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Blog-Graphic-v2.webp\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Blog-Graphic-v2.webp\",\"width\":2156,\"height\":1459},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.cycognito.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Common security testing approaches leave gaps. Here\u2019s how to find them.\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"name\":\"Cycognito Blog\",\"description\":\"Research, Product News and Latest Updates\",\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\",\"name\":\"Cycognito\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"width\":1720,\"height\":550,\"caption\":\"Cycognito\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/d24c88adb69cc9e8748425394054a55b\",\"name\":\"Jason Pappalexis\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a3e2da561c68bc740a2a280b72b231ff?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a3e2da561c68bc740a2a280b72b231ff?s=96&d=mm&r=g\",\"caption\":\"Jason Pappalexis\"},\"description\":\"Sr. Technical Marketing Manager\",\"url\":\"https:\/\/www.cycognito.com\/blog\/author\/jason-pappalexis\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Common security testing approaches leave gaps. Here\u2019s how to find them. | CyCognito Blog","description":"Security testing approaches often leave gaps. Through smart adjustment of coverage, frequency and accuracy you can increase your resilience to cyber threats.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/","og_locale":"en_US","og_type":"article","og_title":"Common security testing approaches leave gaps. Here\u2019s how to find them.","og_description":"Security testing approaches often leave gaps. Through smart adjustment of coverage, frequency and accuracy you can increase your resilience to cyber threats.","og_url":"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/","og_site_name":"CyCognito Blog","article_published_time":"2024-09-16T15:00:00+00:00","article_modified_time":"2025-04-14T16:30:49+00:00","og_image":[{"width":2400,"height":1256,"url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/banner-blog-2024-08-29-2400x1256-email.png","type":"image\/png"}],"author":"Jason Pappalexis","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Jason Pappalexis","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/#article","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/"},"author":{"name":"Jason Pappalexis","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/d24c88adb69cc9e8748425394054a55b"},"headline":"Common security testing approaches leave gaps. Here\u2019s how to find them.","datePublished":"2024-09-16T15:00:00+00:00","dateModified":"2025-04-14T16:30:49+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/"},"wordCount":1061,"publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/#primaryimage"},"thumbnailUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Blog-Graphic-v2-1280x866.webp","keywords":["DAST","Gap","Pen Testing","Security Testing","Vulnerability Management"],"articleSection":["Strategy"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/","url":"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/","name":"Common security testing approaches leave gaps. Here\u2019s how to find them. | CyCognito Blog","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/#primaryimage"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/#primaryimage"},"thumbnailUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Blog-Graphic-v2-1280x866.webp","datePublished":"2024-09-16T15:00:00+00:00","dateModified":"2025-04-14T16:30:49+00:00","description":"Security testing approaches often leave gaps. Through smart adjustment of coverage, frequency and accuracy you can increase your resilience to cyber threats.","breadcrumb":{"@id":"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/#primaryimage","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Blog-Graphic-v2.webp","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Blog-Graphic-v2.webp","width":2156,"height":1459},{"@type":"BreadcrumbList","@id":"https:\/\/www.cycognito.com\/blog\/common-security-testing-approaches-leave-gaps-heres-how-to-find-them\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cycognito.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Common security testing approaches leave gaps. Here\u2019s how to find them."}]},{"@type":"WebSite","@id":"https:\/\/www.cycognito.com\/blog\/#website","url":"https:\/\/www.cycognito.com\/blog\/","name":"Cycognito Blog","description":"Research, Product News and Latest Updates","publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.cycognito.com\/blog\/#organization","name":"Cycognito","url":"https:\/\/www.cycognito.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","width":1720,"height":550,"caption":"Cycognito"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/d24c88adb69cc9e8748425394054a55b","name":"Jason Pappalexis","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/a3e2da561c68bc740a2a280b72b231ff?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a3e2da561c68bc740a2a280b72b231ff?s=96&d=mm&r=g","caption":"Jason Pappalexis"},"description":"Sr. Technical Marketing Manager","url":"https:\/\/www.cycognito.com\/blog\/author\/jason-pappalexis\/"}]}},"_links":{"self":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/1090","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/comments?post=1090"}],"version-history":[{"count":10,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/1090\/revisions"}],"predecessor-version":[{"id":1455,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/1090\/revisions\/1455"}],"wp:attachment":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/media?parent=1090"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/categories?post=1090"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/tags?post=1090"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}