The level of security knowledge required to do decent penetration testing is a relatively rare skill and therefore often necessitates bringing in a third party which can skew the cost/benefit quite badly.
You're often much better off saying that your site has a certain level of security because it's built in default thing X until it grows a bit.
Generally you'll know already if you're in a market or field where penetration testing is absolutely necessary(finance, health, well known brands etc) and it won't be a question.
You're often much better off saying that your site has a certain level of security because it's built in default thing X until it grows a bit.
Generally you'll know already if you're in a market or field where penetration testing is absolutely necessary(finance, health, well known brands etc) and it won't be a question.