Penetration Testing and Legacy Systems (2402.10217v1)

Abstract: As per Adusumilli (2015),'70% of corporate business systems today are legacy applications. Recent statistics prove that over 60% of IT budget is spent on maintaining these Legacy systems, showing the rigidity and the fragile nature of these systems.' Usually, testing is included during the software development cycle, using testing techniques such as unit testing, integration testing, and system testing before releasing the product. After the software product is released to production, no additional testing is done; the testing process is back to the table only when modifications are made. Techniques such as regression testing are included to ensure the changes do not affect existing functionality, but testing nonfunctional features that are rarely included in such regression tests' scope. Schrader (2021) affirms that 'legacy systems are often maintained only to ensure function,' and IT organizations may fail to consider the cybersecurity perspective to remain secure. Legacy systems are a high-risk component for the organization that must be carefully considered when structuring a cyber security strategy. This paper aims to help the reader understand some measures that can be taken to secure legacy systems, explaining what penetration testing is and how this testing technique can help secure legacy systems. Keywords: Testing, legacy, security, risks, prevention, mitigation, pentesting.