The Importance of Third-Party Testing

Although many companies have internal teams capable of performing detailed penetration testing, it is important to include third-party testing as part of your testing program.

Third parties often approach testing with a different mindset than an internal team, and as a result are more likely to examine processes and functions without being prejudiced by previous uses of the application. In some cases, internal testers can be quick to discount the presence of certain bug classes due to familiarity with the product, deployment style, or existing security mechanisms that should be in place to protect against such attacks.

In contrast, a third-party penetration tester can provide an unbiased and honest look at an application, something that is often lacking with internal teams. This is equally important when performing annual penetration testing, and it is a best practice to rotate testing teams or third-party providers every 2-3 years to ensure a fresh view of the application.