Why we should stop “pen testing” COTS

The team & I had a few engagements recently where we’ve been asked to conduct penetration testing against a common off the shelf solution (COTS) such as Office 365, Oracle applications and palo alto firewalls. When I questioned organisations why, it becomes apparent that pen-testing is the narrative that is getting pushed throughout the industry. […]