Pen Testing: Let us know

Tuesday 10 August 2021

Pen testing, short for penetration testing, is an activity used to identify security vulnerabilities which may compromise a website application. It helps identify vulnerabilities and their associated risks, and can highlight the path to resolving them.

GovCMS conducts regular pen tests for the GovCMS distributions and platform. As part of our accreditation process, we conduct random annual pen tests on our websites and platform. It’s part of what makes us a secure and trusted service, compliant with government standards. 

Depending on the features your site has, or the security policy of your organisation, you may need to arrange a pen test. In particular, sites with heavily customised themes, integration with third-party tools and services, or web form submission workflows should be pen tested. Web forms such as contact us, events and surveys are all susceptible to attack.

We also recommend that customers conduct pen tests before their website goes live, or after any significant changes. 

However, it's important to know that you’ll need to give the GovCMS Service Desk at least five business days' notice. There is some technical information we need to coordinate the test, and some technical information GovCMS will provide to the testers. Once your test is complete, we ask agencies to share the results with us. This helps us to appropriately manage any security reports that arise from your testing.

For more information on pen testing and how to let us know, read Penetration Testing.