Penetration testing has grown considerably in recent years and has become far more popular in companies of every size, from small businesses to large-scale organizations. But what exactly is pentesting?
Penetration testing, often called “pen testing”, is one of several techniques used to verify an organization’s cybersecurity posture and to provide a level of assurance that its cyber defenses actually work. It tests those defenses against an adversary who mimics a real cyber-criminal actor.
The scope of a penetration test can vary; it depends on your attack surface, your business needs and your budget. In broad terms, penetration testing is used by security professionals to examine your infrastructure, services or applications.
The first and most important rule in penetration testing is that the pentester must ensure they have a signed contract to perform the services, including a statement of work and a detailed scope for the engagement. Failure to follow this advice could result in civil and/or criminal legal action being taken against the tester.
Remember that there are severe penalties in the UK, USA, EU and most other countries for accessing computers and other network resources without the owner’s permission. Links to the relevant legislation are in the list of useful links below:
The main legislation in the UK is the Computer Misuse Act 1990 (CMA).
If you have been very bad, you may also fall under the Serious Crime Act 2015.
In the EU, I would expect each country to follow its own local version of the Computer Misuse Act.
In the US you have the Computer Fraud and Abuse Act (CFAA): https://www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/01/14/ccmanual.pdf
It should also be noted that many compliance and regulatory requirements, including the General Data Protection Regulation (GDPR), require an organization to perform regular testing to evaluate the effectiveness of its security controls. These regular tests check that the secure baseline is in place and that the applied security controls are effective.
Because the cyber security landscape is an everyday battle, such tests need to be a normal part of our daily work and of the company’s processes and goals. Protecting the organization is everybody’s responsibility, and we have to think about it strategically and over the long term: the actions we take today will affect our business and its development tomorrow. That is why countermeasures have to be taken as soon as possible; the consequences of not doing so could affect our work, our development, our partnerships and even our lives.
Don’t hesitate to contact our pentesting professionals with any question or need you have. Being responsible today shapes tomorrow’s outcome.
e-mail: firstname.lastname@example.org | phone number: +352 26 39 34 98