The PRIMARY reason for periodic penetration testing of Internet-facing applications is to:

The primary reason for periodic penetration testing of Internet-facing applications is to identify vulnerabilities in the system, because this will help to improve the security and resilience of the applications and the data they process. A penetration test is a simulated cyberattack that aims to exploit the weaknesses and gaps in the security of an application or a system. A penetration test can reveal the vulnerabilities that may not be detected by other methods, such as automated scanning or code review. A penetration test can also measure the impact and severity of the vulnerabilities, as well as the effectiveness of the existing controls and defenses. A penetration test can also provide recommendations and solutions to remediate the vulnerabilities and prevent future attacks. Internet-facing applications are programs and services that are accessible from the internet, such as web applications, APIs, cloud services, or VPN gateways. Internet-facing applications are exposed to a variety of cyber threats, such as denial-of-service attacks, SQL injection attacks, cross-site scripting attacks, or credential stuffing attacks. These threats can compromise the confidentiality, integrity, and availability of the applications and the data they handle. Therefore, periodic penetration testing of Internet-facing applications is essential to identify vulnerabilities in the system and to protect the applications and the data from cyberattacks. References = Web Application Penetration Testing: A Practical Guide - BrightSecurity1, The Basics of Web Application Penetration Testing | Turing2, Periodic Penetration Testing: What is the best pentesting frequency …