On premise pen testing

Hi all, has anyone had any experience of running a pen test on an on-premise installation?

The reason for asking is we have just run a preliminary pen test where an alert was raised that SQL injection may be possible. They key word is "may" be possible.

The setup is purely "out of the box" with no customisation and the test was carried out by just providing the URL and no credentials.

So from a security perspective has anyone had to do a pen test before and had similar feedback?

Thanks, David

OriginalPostID-247127

  Discussion posts and replies are publicly visible