Pen testing, short for penetration testing, is an activity used to identify security vulnerabilities that may compromise a website application. It helps identify vulnerabilities, the associated risks, and can highlight the path to solving them.
GovCMS conducts regular pen tests for the GovCMS distributions and platform. As part of our accreditation process, we perform random pen tests on our websites and platform. It’s part of what makes us a secure and trusted service, compliant with government standards.
Depending on the features your site has, or the security policy of your organisation, you may need to arrange a pen test. In particular, sites with heavily customised themes, integration with third-party tools and services, or sites that have webform submission workflows should be pen tested. Webforms such as ‘contact us’, events, and surveys are all susceptible to attackers.
We also recommend that customers conduct pen tests after their website goes live so as to include the real world GovCMS protections in place.
However, it's important to know that you’ll need to give the GovCMS Service Desk at least five business days' notice. There is some technical information we need to coordinate the test and some technical information GovCMS will provide to the testers. Once your test is complete, we ask agencies to share the results with us. This helps us to appropriately manage any security findings that arise from your testing.
For more information on pen testing and how to let us know, read Penetration Testing.