{"id":207,"date":"2022-06-02T00:42:00","date_gmt":"2022-06-02T00:42:00","guid":{"rendered":"https:\/\/www.cycognito.com\/blog\/?p=207"},"modified":"2025-06-19T09:13:18","modified_gmt":"2025-06-19T16:13:18","slug":"byopt-bring-your-own-pen-tester-a-cycognito-use-case-for-pen-testing","status":"publish","type":"post","link":"https:\/\/www.cycognito.com\/blog\/byopt-bring-your-own-pen-tester-a-cycognito-use-case-for-pen-testing\/","title":{"rendered":"BYOPT (Bring Your Own Pen Tester) A CyCognito Use Case for Pen Testing"},"content":{"rendered":"\n

Some Attack Surface Management (ASM) platform vendors provide an ASM solution that intends to fully replace pen testing, but at CyCognito we think a little differently. While some organizations may be fine with an ASM solution that automatically bundles in pen testing, for more companies I think CyCognito, supplemented with a dedicated pen testing team, is a better solution.<\/p>\n\n\n\n

Pen Testing Challenges <\/h2>\n\n\n\n

Pen testing and vulnerability management are important and necessary parts of a cybersecurity program, but that doesn\u2019t mean that they don\u2019t have their own complexity and issues. I\u2019ve already gone in-depth about some of the gaps and challenges when performing pen tests in my blog post How To Get The Most Out Of Pen Tests<\/a>, but, in short, they\u2019re limited in time, resources, and scope. Depending on the scope of assets being tested, a pen testing team may be limited in the testing methods they can use, or they may miss some high-value assets that are outside their specific list. This can lead to inadequate reconnaissance and skipping open-source intelligence, which can limit asset discovery. Time limitations affect reconnaissance and inadequate discovery affects results: after all, you can\u2019t test what you don\u2019t know about.<\/p>\n\n\n\n

Pen Testing Tools Evolution<\/h2>\n\n\n\n

Pen testing tools have evolved over the years. Prior to vulnerability scanners, pen testers were required to perform more in-depth reconnaissance and used more manual pen testing techniques. Before exploitation frameworks such as the Metasploit Framework, pen testers had to rely more heavily on manual testing techniques and individual exploits. These tools have made it easier, faster, and more efficient for pen testers to perform security assessments and are useful for new pen testers to get up to speed more quickly. For example, before the web application pen testing tool Burp Suite, pen testers would have to cobble together multiple tools to achieve the same functionality. <\/p>\n\n\n\n

Instead of replacing pen testing, CyCognito\u2019s reconnaissance and vulnerability discovery tools can be used as part of the pen tester toolkit. CyCognito\u2019s prioritization features, including the Remediation Planner, help pen testers focus on the critical assets that need the most attention instead of relying on scoped lists that may miss important assets or vulnerabilities. The vulnerabilities, stats, and other information CyCognito delivers can be used in pen test reports. The information from the Remediation Planner can provide information for the remediation guidance in the pen test report and the Exploit Intelligence in CyCognito gives pen testers guidance on how to exploit vulnerabilities by providing the exploit details and the steps to execute the exploit against vulnerable assets. This feature is especially useful for junior pen testers or vulnerability management team members. Leveraging CyCognito, pen testers can spend more time on the highest value work: exploiting vulnerabilities.<\/p>\n\n\n\n

Using an EASM<\/a> solution that enhances pen testers\u2019 work instead of replacing pen testing with an ASM platform with a bundled pen testing service frees organizations to find the best pen testing solution for their own attack surface. You may have a vendor that is great at web application testing, and others that are great with infrastructure pen testing or cloud pen testing! You can also diversify the way you have your testing done by including bug bounties alongside your pen testing resources.\u00a0<\/p>\n\n\n\n

When you leverage CyCognito as an extension of your evolved toolset, the insights and information generated by CyCognito are shared with your pen testers much like you might share the results of a vulnerability scan. The insights from CyCognito, however, are more like a full vulnerability assessment. CyCognito also tracks the results of your pen testers\u2019 insights; once pen tests are completed and vulnerabilities are remediated, the status in the dashboard will be updated to show your organization\u2019s improved security posture. <\/p>\n\n\n\n

Addressing Pen Testing Gaps<\/h2>\n\n\n\n

CyCognito extends the pen tester\u2019s toolset and addresses the challenges that pen test teams face – such as time limitations, and inadequate reconnaissance including OSINT – and helps address gaps. By automating the tedious work of defining the attack surface and finding unknown assets for a complete asset inventory, CyCognito gives your organization the flexibility to customize your pen testing strategy. <\/p>\n\n\n\n

To learn more about the challenges and gaps of pen testing read my blog post How To Get The Most Out Of Pen Tests<\/a> or reach out to me through email.<\/p>\n\n\n\n

To learn more about CyCognito\u2019s approach to attack surface management please watch our demo video<\/a> or request a demo here. <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

While some organizations may be fine with an ASM solution that automatically bundles in pen testing, for more companies I think CyCognito, supplemented with a dedicated pen testing team, is a better solution.<\/p>\n","protected":false},"author":13,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[34],"class_list":["post-207","post","type-post","status-publish","format-standard","hentry","category-perspectives","tag-pen-testing"],"yoast_head":"\nBYOPT (Bring Your Own Pen Tester) A CyCognito Use Case for Pen Testing | CyCognito Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cycognito.com\/blog\/byopt-bring-your-own-pen-tester-a-cycognito-use-case-for-pen-testing\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"BYOPT (Bring Your Own Pen Tester) A CyCognito Use Case for Pen Testing | CyCognito Blog\" \/>\n<meta property=\"og:description\" content=\"While some organizations may be fine with an ASM solution that automatically bundles in pen testing, for more companies I think CyCognito, supplemented with a dedicated pen testing team, is a better solution.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cycognito.com\/blog\/byopt-bring-your-own-pen-tester-a-cycognito-use-case-for-pen-testing\/\" \/>\n<meta property=\"og:site_name\" content=\"CyCognito Blog\" \/>\n<meta property=\"article:published_time\" content=\"2022-06-02T00:42:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-19T16:13:18+00:00\" \/>\n<meta name=\"author\" content=\"Phillip Wylie\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Phillip Wylie\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/byopt-bring-your-own-pen-tester-a-cycognito-use-case-for-pen-testing\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/byopt-bring-your-own-pen-tester-a-cycognito-use-case-for-pen-testing\/\"},\"author\":{\"name\":\"Phillip Wylie\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/e2f7c33edef51af52d53e6bbc19ee0dc\"},\"headline\":\"BYOPT (Bring Your Own Pen Tester) A CyCognito Use Case for Pen Testing\",\"datePublished\":\"2022-06-02T00:42:00+00:00\",\"dateModified\":\"2025-06-19T16:13:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/byopt-bring-your-own-pen-tester-a-cycognito-use-case-for-pen-testing\/\"},\"wordCount\":767,\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"keywords\":[\"Pen Testing\"],\"articleSection\":[\"Perspectives\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/byopt-bring-your-own-pen-tester-a-cycognito-use-case-for-pen-testing\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/byopt-bring-your-own-pen-tester-a-cycognito-use-case-for-pen-testing\/\",\"name\":\"BYOPT (Bring Your Own Pen Tester) A CyCognito Use Case for Pen Testing | CyCognito Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\"},\"datePublished\":\"2022-06-02T00:42:00+00:00\",\"dateModified\":\"2025-06-19T16:13:18+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/byopt-bring-your-own-pen-tester-a-cycognito-use-case-for-pen-testing\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.cycognito.com\/blog\/byopt-bring-your-own-pen-tester-a-cycognito-use-case-for-pen-testing\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/byopt-bring-your-own-pen-tester-a-cycognito-use-case-for-pen-testing\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.cycognito.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"BYOPT (Bring Your Own Pen Tester) A CyCognito Use Case for Pen Testing\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"name\":\"Cycognito Blog\",\"description\":\"Research, Product News and Latest Updates\",\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\",\"name\":\"Cycognito\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"width\":1720,\"height\":550,\"caption\":\"Cycognito\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/e2f7c33edef51af52d53e6bbc19ee0dc\",\"name\":\"Phillip Wylie\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c992ab4f006b9fd9f00a3740f79ed61d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c992ab4f006b9fd9f00a3740f79ed61d?s=96&d=mm&r=g\",\"caption\":\"Phillip Wylie\"},\"description\":\"Was Hacker in Residence at CyCognito\",\"url\":\"https:\/\/www.cycognito.com\/blog\/author\/phillip-wylie\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"BYOPT (Bring Your Own Pen Tester) A CyCognito Use Case for Pen Testing | CyCognito Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cycognito.com\/blog\/byopt-bring-your-own-pen-tester-a-cycognito-use-case-for-pen-testing\/","og_locale":"en_US","og_type":"article","og_title":"BYOPT (Bring Your Own Pen Tester) A CyCognito Use Case for Pen Testing | CyCognito Blog","og_description":"While some organizations may be fine with an ASM solution that automatically bundles in pen testing, for more companies I think CyCognito, supplemented with a dedicated pen testing team, is a better solution.","og_url":"https:\/\/www.cycognito.com\/blog\/byopt-bring-your-own-pen-tester-a-cycognito-use-case-for-pen-testing\/","og_site_name":"CyCognito Blog","article_published_time":"2022-06-02T00:42:00+00:00","article_modified_time":"2025-06-19T16:13:18+00:00","author":"Phillip Wylie","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Phillip Wylie","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cycognito.com\/blog\/byopt-bring-your-own-pen-tester-a-cycognito-use-case-for-pen-testing\/#article","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/byopt-bring-your-own-pen-tester-a-cycognito-use-case-for-pen-testing\/"},"author":{"name":"Phillip Wylie","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/e2f7c33edef51af52d53e6bbc19ee0dc"},"headline":"BYOPT (Bring Your Own Pen Tester) A CyCognito Use Case for Pen Testing","datePublished":"2022-06-02T00:42:00+00:00","dateModified":"2025-06-19T16:13:18+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/byopt-bring-your-own-pen-tester-a-cycognito-use-case-for-pen-testing\/"},"wordCount":767,"publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"keywords":["Pen Testing"],"articleSection":["Perspectives"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.cycognito.com\/blog\/byopt-bring-your-own-pen-tester-a-cycognito-use-case-for-pen-testing\/","url":"https:\/\/www.cycognito.com\/blog\/byopt-bring-your-own-pen-tester-a-cycognito-use-case-for-pen-testing\/","name":"BYOPT (Bring Your Own Pen Tester) A CyCognito Use Case for Pen Testing | CyCognito Blog","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/#website"},"datePublished":"2022-06-02T00:42:00+00:00","dateModified":"2025-06-19T16:13:18+00:00","breadcrumb":{"@id":"https:\/\/www.cycognito.com\/blog\/byopt-bring-your-own-pen-tester-a-cycognito-use-case-for-pen-testing\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cycognito.com\/blog\/byopt-bring-your-own-pen-tester-a-cycognito-use-case-for-pen-testing\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.cycognito.com\/blog\/byopt-bring-your-own-pen-tester-a-cycognito-use-case-for-pen-testing\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cycognito.com\/blog\/"},{"@type":"ListItem","position":2,"name":"BYOPT (Bring Your Own Pen Tester) A CyCognito Use Case for Pen Testing"}]},{"@type":"WebSite","@id":"https:\/\/www.cycognito.com\/blog\/#website","url":"https:\/\/www.cycognito.com\/blog\/","name":"Cycognito Blog","description":"Research, Product News and Latest Updates","publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.cycognito.com\/blog\/#organization","name":"Cycognito","url":"https:\/\/www.cycognito.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","width":1720,"height":550,"caption":"Cycognito"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/e2f7c33edef51af52d53e6bbc19ee0dc","name":"Phillip Wylie","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/c992ab4f006b9fd9f00a3740f79ed61d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c992ab4f006b9fd9f00a3740f79ed61d?s=96&d=mm&r=g","caption":"Phillip Wylie"},"description":"Was Hacker in Residence at CyCognito","url":"https:\/\/www.cycognito.com\/blog\/author\/phillip-wylie\/"}]}},"_links":{"self":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/207","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/comments?post=207"}],"version-history":[{"count":4,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/207\/revisions"}],"predecessor-version":[{"id":1584,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/207\/revisions\/1584"}],"wp:attachment":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/media?parent=207"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/categories?post=207"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/tags?post=207"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}