Pen testing is most beneficial whenever new software or applications are being installed, as this is the time when the network is most vulnerable. It is usually performed as part of the DevOps stage while bugs are being detected and final tweaks to features and functionality are happening.
Pen testing is not simply a “one-and-done” procedure. For best results, it should be scheduled on a regular, at least annually, basis. And obviously, pen testing is most effective if it happens before a real attack occurs.
Resources:
