Penetration testing

What is it? 

A penetration test (pen test) is an activity used to identify security vulnerabilities that may compromise your website application. 

Important: notify GovCMS before you perform pen testing on your website. 

What are the benefits of pen testing? 

A pen test can help make your website application more secure by identifying: 

  • vulnerabilities 
  • the risks associated with vulnerabilities 
  • possible solutions.  

Who should conduct pen testing? 

Security is everyone’s responsibility. We encourage pen testing, especially for customers with PaaS websites responsible for their own security. 

Pen testing can also be useful for SaaS websites. It helps to ensure customisations and webform implementations have not introduced vulnerabilities. 

GovCMS also conduct regular pen tests for the GovCMS distributions and platform.   

When should I conduct a pen test? 

GovCMS recommend pen testing once your new website is ready to go live or after significant changes.  

Should I also conduct a load test? 

You are not required to conduct load testing. The GovCMS platform includes a Content Delivery Network as well as automatic scaling to manage peaks in traffic. 

How do I notify GovCMS before I conduct a pen test? 

You need to notify us before you perform pen testing on your website. There are a few steps you will need to follow: 

  1. Raise a service desk ticket 
  1. We will send you an email with a link to a form that you must complete 
  1. We will submit the details from this form to Amazon Web Services (AWS) and let you know once we have approval. 

It may take up to 48 hours to gain approval from AWS. 

If you conduct a pen test without letting us know, there is a high chance we will view your test as an attack which may lead to blocking traffic. This may cause undesired interruptions and delays to your pen testing exercise. 

Once your testing is complete please share a copy of your report with us. Your results will help us maintain the security of the GovCMS platform. Please email a copy of your report to govcms@finance.gov.au