{"id":39296,"date":"2020-11-09T10:35:46","date_gmt":"2020-11-09T02:35:46","guid":{"rendered":"https:\/\/zegal.com\/?p=39296"},"modified":"2023-11-07T16:24:07","modified_gmt":"2023-11-07T08:24:07","slug":"penetration-testing","status":"publish","type":"post","link":"https:\/\/zegal.com\/en-gb\/blog\/post\/penetration-testing\/","title":{"rendered":"Penetration Testing and Meeting Compliance \u2013 What You Need to Know"},"content":{"rendered":"<div class=\"edgtf-column-inner\">\n<div class=\"edgtf-portfolio-info-item edgtf-content-item\">\n<h3 class=\"edgtf-portfolio-title\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-39297\" src=\"https:\/\/zegal.com\/wp-content\/uploads\/2020\/11\/Penetration-Testing-Compliance-Pragma-Blog-2Mp-1-1280x720.jpg\" alt=\"penetration testing\" width=\"1280\" height=\"720\" srcset=\"https:\/\/zegal.com\/wp-content\/uploads\/2020\/11\/Penetration-Testing-Compliance-Pragma-Blog-2Mp-1-1280x720.jpg 1280w, https:\/\/zegal.com\/wp-content\/uploads\/2020\/11\/Penetration-Testing-Compliance-Pragma-Blog-2Mp-1-320x180.jpg 320w, https:\/\/zegal.com\/wp-content\/uploads\/2020\/11\/Penetration-Testing-Compliance-Pragma-Blog-2Mp-1-768x432.jpg 768w, https:\/\/zegal.com\/wp-content\/uploads\/2020\/11\/Penetration-Testing-Compliance-Pragma-Blog-2Mp-1-1536x864.jpg 1536w, https:\/\/zegal.com\/wp-content\/uploads\/2020\/11\/Penetration-Testing-Compliance-Pragma-Blog-2Mp-1-640x360.jpg 640w, https:\/\/zegal.com\/wp-content\/uploads\/2020\/11\/Penetration-Testing-Compliance-Pragma-Blog-2Mp-1-1024x576.jpg 1024w, https:\/\/zegal.com\/wp-content\/uploads\/2020\/11\/Penetration-Testing-Compliance-Pragma-Blog-2Mp-1-1200x675.jpg 1200w, https:\/\/zegal.com\/wp-content\/uploads\/2020\/11\/Penetration-Testing-Compliance-Pragma-Blog-2Mp-1.jpg 1885w\" sizes=\"auto, (max-width: 639px) 98vw, (max-width: 1199px) 64vw, 770px\" \/><\/h3>\n<div class=\"edgtf-portfolio-content\">\n<div class=\"vc_row wpb_row vc_row-fluid edgtf-section 
edgtf-content-aligment-left\">\n<div class=\"clearfix edgtf-full-section-inner\">\n<div class=\"wpb_column vc_column_container vc_col-sm-12\">\n<div class=\"vc_column-inner \">\n<div class=\"wpb_wrapper\">\n<div class=\"wpb_text_column wpb_content_element \">\n<div class=\"wpb_wrapper\">\n<p><span data-preserver-spaces=\"true\">We often have clients coming to us for penetration testing services for compliance reasons. Companies that handle sensitive data such as FinTechs and healthcare providers are often required to undergo routine penetration testing by third-party security providers. In this post, we gather Pragma\u2019s security experts to answer common questions on penetration testing and how we help in meeting compliance.\u00a0<\/span><\/p>\n<h4><strong><span data-preserver-spaces=\"true\">First, what exactly is penetration testing?\u00a0<\/span><\/strong><\/h4>\n<p><span data-preserver-spaces=\"true\">Penetration testing is when a professional tester (like us) acts as an ethical hacker to access an application or system externally. The whole idea is to detect undiscovered vulnerabilities using different methods to bypass the security mechanisms that are set in the application.\u00a0<\/span><\/p>\n<h4><strong><span data-preserver-spaces=\"true\">Does my company need a penetration test?\u00a0<\/span><\/strong><\/h4>\n<p><span data-preserver-spaces=\"true\">A company should undergo a penetration test regularly (at least annually). This is to catch either new vulnerabilities that may be introduced over time or existing undetected vulnerabilities. A penetration test should also be done when new features are being deployed to the system or when configurations are added or changed, such as a change of firewall rules or changes in the permission set for admin\/member roles.\u00a0<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">Most of the time, companies undergo penetration testing for compliance purposes. 
It could be compliance with international security standards such as ISO 27000, industry standards such as\u00a0<a href=\"https:\/\/www.pragmastrategy.com\/news\/practical-compliance-and-the-payment-services-act-complying-with-the-mas-technology-risk-management-notice-and-guidelines\/\">Payment Card Industry (PCI) Standards<\/a>, regulations such as the Monetary Authority of Singapore Technology Risk Management, or third-party reporting standards such as Service Organisation Report SOC2, which further require Vulnerability Assessment and Penetration Testing to achieve compliance.<\/span><\/p>\n<h4><strong><span data-preserver-spaces=\"true\">I need to comply with regulatory requirements. What type of penetration testing should my company go for?\u00a0<\/span><\/strong><\/h4>\n<p><span data-preserver-spaces=\"true\">White box, grey box and black box testing are the main types of testing. White box means the tester has full information on the application, grey box means most information is known (and usually involves having credentials for testing) and black box is where the tester has no idea of the system at all. Either grey box or white box testing is preferred to gain deeper insights into vulnerabilities in the system.\u00a0<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">When a client comes to us for penetration testing for compliance obligations, we generally test the following areas, which will satisfy most compliance requirements. However, please speak to us if you require testing beyond this scope.<\/span><\/p>\n<ul>\n<li><span data-preserver-spaces=\"true\">Configuration and Deployment Management (e.g. misconfigured services or web application security)<\/span><\/li>\n<li><span data-preserver-spaces=\"true\">Identity Management (e.g. account registration)<\/span><\/li>\n<li><span data-preserver-spaces=\"true\">Authentication Testing (e.g. basic, multifactor, password strength)<\/span><\/li>\n<li><span data-preserver-spaces=\"true\">Authorisation Testing (e.g. 
roles and privileges)<\/span><\/li>\n<li><span data-preserver-spaces=\"true\">Session Management<\/span><\/li>\n<li><span data-preserver-spaces=\"true\">Data Validation (e.g. input sanitisation)<\/span><\/li>\n<li><span data-preserver-spaces=\"true\">Error Handling\u00a0<\/span><\/li>\n<li><span data-preserver-spaces=\"true\">Cryptography (e.g. encryption mechanism and quality)<\/span><\/li>\n<li><span data-preserver-spaces=\"true\">Business logic\u00a0<\/span><\/li>\n<li><span data-preserver-spaces=\"true\">Client-side Attacks (e.g. end-user vulnerabilities when using the system or web application)<\/span><\/li>\n<\/ul>\n<h4><strong><span data-preserver-spaces=\"true\">How long will the test take?<\/span><\/strong><\/h4>\n<p><span data-preserver-spaces=\"true\">The length of the test normally depends on the scope of what is being tested upon (i.e. the amount of web application features to test, the number of devices to test) and the engagement time between client and tester (i.e. in answering inquiries).<\/span><\/p>\n<h4><strong><span data-preserver-spaces=\"true\">What is the cost for penetration testing?\u00a0<\/span><\/strong><\/h4>\n<p><span data-preserver-spaces=\"true\">The cost depends on the scope of items to be tested (i.e. network devices, functions and parameters on web applications), the complexity of the network infrastructure or the complexity of the web application use cases and whether the testing can be done remotely, or it has to be done onsite.<\/span><\/p>\n<h4><strong><span data-preserver-spaces=\"true\">What do I get at the end of the test?\u00a0<\/span><\/strong><\/h4>\n<p><span data-preserver-spaces=\"true\">You will receive a report that indicates the Common Vulnerability Scoring System (CVSS*) score, vulnerability types found (i.e. 
critical, high, medium, low), description of the issues and the remediation steps to be taken.\u00a0<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">*Note: CVSS is an industry standard used to evaluate the severity of the potential vulnerabilities found.<\/span><\/p>\n<h4><strong><span data-preserver-spaces=\"true\">How do I select a suitable penetration testing service provider?<\/span><\/strong><\/h4>\n<p><span data-preserver-spaces=\"true\">We suggest first understanding the purpose of the test (is it for compliance purposes or part of a security strategy to build cyber resilience?). From there, you can list the scope or areas that your company needs to get tested. If you are unsure, a good penetration testing company will be able to guide you through.\u00a0<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">Look, compare, and ask service providers whether they are proficient in testing what you need. For example, check if the penetration testers are OSCP or CREST certified (if required by regulators).\u00a0<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">Lastly, remember to ask for a sample report to check if the service provider covers all areas and provides all the necessary information at the end of the test.\u00a0<\/span><\/p>\n<h4><strong><span data-preserver-spaces=\"true\">I<\/span><\/strong><span data-preserver-spaces=\"true\">\u00a0<\/span><strong><span data-preserver-spaces=\"true\">am not required to meet compliance requirements, is it still worth getting a penetration test?\u00a0<\/span><\/strong><\/h4>\n<p><span data-preserver-spaces=\"true\">A penetration test is always worth the time and effort, given that the cost of a breach is much higher than undergoing a routine test. A penetration test gives you potentially valuable insights into your system. 
There could always be existing weaknesses in the system that are being overlooked or new bugs that are introduced into the system.\u00a0<\/span><\/p>\n<p><span id=\"E64\" class=\"qowt-font5-OpenSans\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-38913 size-thumbnail lazy-loaded\" src=\"https:\/\/ts5mapnq9e48izo12znjei1n-wpengine.netdna-ssl.com\/wp-content\/uploads\/2020\/10\/Mark-Bird-BW-Portrait--e1602129496272-160x160.jpg\" alt=\"\" width=\"160\" height=\"160\" data-lazy-type=\"image\" data-src=\"https:\/\/ts5mapnq9e48izo12znjei1n-wpengine.netdna-ssl.com\/wp-content\/uploads\/2020\/10\/Mark-Bird-BW-Portrait--e1602129496272-160x160.jpg\" \/><\/span><em><span id=\"E59\" class=\"qowt-font5-OpenSans\">Mark Bird is a\u00a0<\/span><span id=\"E61\" class=\"qowt-font5-OpenSans\">Consultant in Cyber Incident Response,\u00a0<a href=\"https:\/\/www.pragmastrategy.com\/?utm_source=Zegal&amp;utm_medium=Blog&amp;utm_campaign=IR\">Pragma Europe Ltd.\u00a0<\/a><\/span><span id=\"E65\" class=\"qowt-font5-OpenSans\">Mark spent 1<\/span><span class=\"qowt-font5-OpenSans\">7<\/span><span class=\"qowt-font5-OpenSans\">\u00a0years working in the UK police and over 5 years as a Detective on the prestigious West\u00a0<\/span><span class=\"qowt-font5-OpenSans\">Midlands Regional Organised Crime Unit Cyber Crime team. After his successful law enforcement career, he entered the private sector and investigated incidents for various industries, including large multinational companies experiencing widespread encryption due to sophisticated Ransomware infection. Mark now leads the Incident Response division for Pragma Europe based in Central England.\u00a0<\/span>Pragma provides Incident Response services to organisations from diverse industries in over 135 countries globally. 
If you require immediate assistance, please email\u00a0<a href=\"mailto:cirt@pragmastrategy.com\">cirt@pragmastrategy.com<\/a><\/em><\/p>\n<p style=\"text-align: center;\"><b><i>This article does not constitute legal advice.<\/i><\/b><\/p>\n<p style=\"text-align: center;\"><i>The opinions expressed in the column above represent the author\u2019s own.<\/i><\/p>\n<p><b>Article syndicated with permission from<\/b><\/p>\n<p><b> https:\/\/www.pragmastrategy.com\/news\/penetration-testing-and-compliance\/<\/b><\/p>\n<p><em>Pragma is a cybersecurity consultancy with global headquarters in Singapore, Australia, Vietnam, and the UK.<br \/>\nTheir strong partnerships and investment in an experienced team are demonstrated in these four solutions; Cyber and Regulatory Consultancy, Incident Response, Cloud Security, and Security Testing.<\/em><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"edgtf-portfolio-info-holder\">\n<div class=\"edgtf-portfolio-info-item edgtf-portfolio-date\"><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>We often have clients coming to us for penetration testing services for compliance reasons. 
Companies that handle sensitive data such as FinTechs and healthcare providers are often required to undergo routine penetration testing by third-party security providers. In this post, we gather Pragma\u2019s security experts to answer common questions on penetration testing and how we [&hellip;]<\/p>\n","protected":false},"author":123,"featured_media":39297,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_editorskit_title_hidden":false,"_editorskit_reading_time":0,"_editorskit_is_block_options_detached":false,"_editorskit_block_options_position":"{}","inline_featured_image":false,"footnotes":""},"categories":[133],"tags":[13474],"usecases":[],"businesstypes":[],"country":[],"class_list":["post-39296","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-startup","tag-compliance"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v20.8 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Penetration Testing and Meeting Compliance | Zegal<\/title>\n<meta name=\"description\" content=\"Companies that handle sensitive data such as FinTechs and healthcare providers are often required to undergo routine penetration testing.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zegal.com\/en-gb\/wp-json\/wp\/v2\/posts\/39296\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Penetration Testing and Meeting Compliance \u2013 What You Need to Know\" \/>\n<meta property=\"og:description\" content=\"Companies that handle sensitive data such as FinTechs and healthcare providers are often required to undergo routine penetration testing.\" \/>\n<meta property=\"og:url\" 
content=\"https:\/\/zegal.com\/en-gb\/blog\/post\/penetration-testing\/\" \/>\n<meta property=\"og:site_name\" content=\"Zegal UK\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/getzegal\/\" \/>\n<meta property=\"article:published_time\" content=\"2020-11-09T02:35:46+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-11-07T08:24:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/zegal.com\/wp-content\/uploads\/2020\/11\/Penetration-Testing-Compliance-Pragma-Blog-2Mp-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1885\" \/>\n\t<meta property=\"og:image:height\" content=\"1060\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Mark Bird\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@getzegal\" \/>\n<meta name=\"twitter:site\" content=\"@getzegal\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mark Bird\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zegal.com\\\/en-gb\\\/blog\\\/post\\\/penetration-testing\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zegal.com\\\/en-gb\\\/blog\\\/post\\\/penetration-testing\\\/\"},\"author\":{\"name\":\"Mark Bird\",\"@id\":\"https:\\\/\\\/zegal.com\\\/en-gb\\\/#\\\/schema\\\/person\\\/2a77ebd19cd634bc56d753f5632169d1\"},\"headline\":\"Penetration Testing and Meeting Compliance \u2013 What You Need to 
Know\",\"datePublished\":\"2020-11-09T02:35:46+00:00\",\"dateModified\":\"2023-11-07T08:24:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zegal.com\\\/en-gb\\\/blog\\\/post\\\/penetration-testing\\\/\"},\"wordCount\":1023,\"publisher\":{\"@id\":\"https:\\\/\\\/zegal.com\\\/en-gb\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/zegal.com\\\/en-gb\\\/blog\\\/post\\\/penetration-testing\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/zegal.com\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/Penetration-Testing-Compliance-Pragma-Blog-2Mp-1.jpg\",\"keywords\":[\"compliance\"],\"articleSection\":[\"Startup\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zegal.com\\\/en-gb\\\/blog\\\/post\\\/penetration-testing\\\/\",\"url\":\"https:\\\/\\\/zegal.com\\\/en-gb\\\/blog\\\/post\\\/penetration-testing\\\/\",\"name\":\"Penetration Testing and Meeting Compliance | Zegal\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zegal.com\\\/en-gb\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/zegal.com\\\/en-gb\\\/blog\\\/post\\\/penetration-testing\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/zegal.com\\\/en-gb\\\/blog\\\/post\\\/penetration-testing\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/zegal.com\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/Penetration-Testing-Compliance-Pragma-Blog-2Mp-1.jpg\",\"datePublished\":\"2020-11-09T02:35:46+00:00\",\"dateModified\":\"2023-11-07T08:24:07+00:00\",\"description\":\"Companies that handle sensitive data such as FinTechs and healthcare providers are often required to undergo routine penetration 
testing.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zegal.com\\\/en-gb\\\/blog\\\/post\\\/penetration-testing\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zegal.com\\\/en-gb\\\/blog\\\/post\\\/penetration-testing\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/zegal.com\\\/en-gb\\\/blog\\\/post\\\/penetration-testing\\\/#primaryimage\",\"url\":\"https:\\\/\\\/zegal.com\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/Penetration-Testing-Compliance-Pragma-Blog-2Mp-1.jpg\",\"contentUrl\":\"https:\\\/\\\/zegal.com\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/Penetration-Testing-Compliance-Pragma-Blog-2Mp-1.jpg\",\"width\":1885,\"height\":1060,\"caption\":\"penetration testing\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zegal.com\\\/en-gb\\\/blog\\\/post\\\/penetration-testing\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Legal Templates\",\"item\":\"https:\\\/\\\/zegal.com\\\/en-gb\\\/all-docs\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Penetration Testing and Meeting Compliance \u2013 What You Need to Know\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zegal.com\\\/en-gb\\\/#website\",\"url\":\"https:\\\/\\\/zegal.com\\\/en-gb\\\/\",\"name\":\"Zegal UK\",\"description\":\"Need legal? 
Click Zegal.\",\"publisher\":{\"@id\":\"https:\\\/\\\/zegal.com\\\/en-gb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zegal.com\\\/en-gb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zegal.com\\\/en-gb\\\/#organization\",\"name\":\"Zegal UK\",\"url\":\"https:\\\/\\\/zegal.com\\\/en-gb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/zegal.com\\\/en-gb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/zegal.com\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/zegal-logo-white.png\",\"contentUrl\":\"https:\\\/\\\/zegal.com\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/zegal-logo-white.png\",\"width\":200,\"height\":69,\"caption\":\"Zegal UK\"},\"image\":{\"@id\":\"https:\\\/\\\/zegal.com\\\/en-gb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/getzegal\\\/\",\"https:\\\/\\\/x.com\\\/getzegal\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/getzegal\\\/\",\"https:\\\/\\\/www.youtube.com\\\/@legalzegal\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zegal.com\\\/en-gb\\\/#\\\/schema\\\/person\\\/2a77ebd19cd634bc56d753f5632169d1\",\"name\":\"Mark Bird\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d38f4ad4c1ea42973cb3e6b8efa8dd3318197bdb2a5ff4d1a62180f78e45b32f?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d38f4ad4c1ea42973cb3e6b8efa8dd3318197bdb2a5ff4d1a62180f78e45b32f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d38f4ad4c1ea42973cb3e6b8efa8dd3318197bdb2a5ff4d1a62180f78e45b32f?s=96&d=mm&r=g\",\"caption\":\"Mark 
Bird\"},\"url\":\"https:\\\/\\\/zegal.com\\\/en-gb\\\/blog\\\/post\\\/author\\\/pragma\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Penetration Testing and Meeting Compliance | Zegal","description":"Companies that handle sensitive data such as FinTechs and healthcare providers are often required to undergo routine penetration testing.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zegal.com\/en-gb\/wp-json\/wp\/v2\/posts\/39296\/","og_locale":"en_GB","og_type":"article","og_title":"Penetration Testing and Meeting Compliance \u2013 What You Need to Know","og_description":"Companies that handle sensitive data such as FinTechs and healthcare providers are often required to undergo routine penetration testing.","og_url":"https:\/\/zegal.com\/en-gb\/blog\/post\/penetration-testing\/","og_site_name":"Zegal UK","article_publisher":"https:\/\/www.facebook.com\/getzegal\/","article_published_time":"2020-11-09T02:35:46+00:00","article_modified_time":"2023-11-07T08:24:07+00:00","og_image":[{"width":1885,"height":1060,"url":"https:\/\/zegal.com\/wp-content\/uploads\/2020\/11\/Penetration-Testing-Compliance-Pragma-Blog-2Mp-1.jpg","type":"image\/jpeg"}],"author":"Mark Bird","twitter_card":"summary_large_image","twitter_creator":"@getzegal","twitter_site":"@getzegal","twitter_misc":{"Written by":"Mark Bird","Estimated reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zegal.com\/en-gb\/blog\/post\/penetration-testing\/#article","isPartOf":{"@id":"https:\/\/zegal.com\/en-gb\/blog\/post\/penetration-testing\/"},"author":{"name":"Mark Bird","@id":"https:\/\/zegal.com\/en-gb\/#\/schema\/person\/2a77ebd19cd634bc56d753f5632169d1"},"headline":"Penetration Testing and Meeting Compliance \u2013 What You Need to 
Know","datePublished":"2020-11-09T02:35:46+00:00","dateModified":"2023-11-07T08:24:07+00:00","mainEntityOfPage":{"@id":"https:\/\/zegal.com\/en-gb\/blog\/post\/penetration-testing\/"},"wordCount":1023,"publisher":{"@id":"https:\/\/zegal.com\/en-gb\/#organization"},"image":{"@id":"https:\/\/zegal.com\/en-gb\/blog\/post\/penetration-testing\/#primaryimage"},"thumbnailUrl":"https:\/\/zegal.com\/wp-content\/uploads\/2020\/11\/Penetration-Testing-Compliance-Pragma-Blog-2Mp-1.jpg","keywords":["compliance"],"articleSection":["Startup"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/zegal.com\/en-gb\/blog\/post\/penetration-testing\/","url":"https:\/\/zegal.com\/en-gb\/blog\/post\/penetration-testing\/","name":"Penetration Testing and Meeting Compliance | Zegal","isPartOf":{"@id":"https:\/\/zegal.com\/en-gb\/#website"},"primaryImageOfPage":{"@id":"https:\/\/zegal.com\/en-gb\/blog\/post\/penetration-testing\/#primaryimage"},"image":{"@id":"https:\/\/zegal.com\/en-gb\/blog\/post\/penetration-testing\/#primaryimage"},"thumbnailUrl":"https:\/\/zegal.com\/wp-content\/uploads\/2020\/11\/Penetration-Testing-Compliance-Pragma-Blog-2Mp-1.jpg","datePublished":"2020-11-09T02:35:46+00:00","dateModified":"2023-11-07T08:24:07+00:00","description":"Companies that handle sensitive data such as FinTechs and healthcare providers are often required to undergo routine penetration 
testing.","breadcrumb":{"@id":"https:\/\/zegal.com\/en-gb\/blog\/post\/penetration-testing\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zegal.com\/en-gb\/blog\/post\/penetration-testing\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/zegal.com\/en-gb\/blog\/post\/penetration-testing\/#primaryimage","url":"https:\/\/zegal.com\/wp-content\/uploads\/2020\/11\/Penetration-Testing-Compliance-Pragma-Blog-2Mp-1.jpg","contentUrl":"https:\/\/zegal.com\/wp-content\/uploads\/2020\/11\/Penetration-Testing-Compliance-Pragma-Blog-2Mp-1.jpg","width":1885,"height":1060,"caption":"penetration testing"},{"@type":"BreadcrumbList","@id":"https:\/\/zegal.com\/en-gb\/blog\/post\/penetration-testing\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Legal Templates","item":"https:\/\/zegal.com\/en-gb\/all-docs\/"},{"@type":"ListItem","position":2,"name":"Penetration Testing and Meeting Compliance \u2013 What You Need to Know"}]},{"@type":"WebSite","@id":"https:\/\/zegal.com\/en-gb\/#website","url":"https:\/\/zegal.com\/en-gb\/","name":"Zegal UK","description":"Need legal? 
Click Zegal.","publisher":{"@id":"https:\/\/zegal.com\/en-gb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zegal.com\/en-gb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/zegal.com\/en-gb\/#organization","name":"Zegal UK","url":"https:\/\/zegal.com\/en-gb\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/zegal.com\/en-gb\/#\/schema\/logo\/image\/","url":"https:\/\/zegal.com\/wp-content\/uploads\/2021\/11\/zegal-logo-white.png","contentUrl":"https:\/\/zegal.com\/wp-content\/uploads\/2021\/11\/zegal-logo-white.png","width":200,"height":69,"caption":"Zegal UK"},"image":{"@id":"https:\/\/zegal.com\/en-gb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/getzegal\/","https:\/\/x.com\/getzegal","https:\/\/www.linkedin.com\/company\/getzegal\/","https:\/\/www.youtube.com\/@legalzegal"]},{"@type":"Person","@id":"https:\/\/zegal.com\/en-gb\/#\/schema\/person\/2a77ebd19cd634bc56d753f5632169d1","name":"Mark Bird","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/secure.gravatar.com\/avatar\/d38f4ad4c1ea42973cb3e6b8efa8dd3318197bdb2a5ff4d1a62180f78e45b32f?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d38f4ad4c1ea42973cb3e6b8efa8dd3318197bdb2a5ff4d1a62180f78e45b32f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d38f4ad4c1ea42973cb3e6b8efa8dd3318197bdb2a5ff4d1a62180f78e45b32f?s=96&d=mm&r=g","caption":"Mark 
Bird"},"url":"https:\/\/zegal.com\/en-gb\/blog\/post\/author\/pragma\/"}]}},"_links":{"self":[{"href":"https:\/\/zegal.com\/en-gb\/wp-json\/wp\/v2\/posts\/39296","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zegal.com\/en-gb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zegal.com\/en-gb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zegal.com\/en-gb\/wp-json\/wp\/v2\/users\/123"}],"replies":[{"embeddable":true,"href":"https:\/\/zegal.com\/en-gb\/wp-json\/wp\/v2\/comments?post=39296"}],"version-history":[{"count":0,"href":"https:\/\/zegal.com\/en-gb\/wp-json\/wp\/v2\/posts\/39296\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/zegal.com\/en-gb\/wp-json\/wp\/v2\/media\/39297"}],"wp:attachment":[{"href":"https:\/\/zegal.com\/en-gb\/wp-json\/wp\/v2\/media?parent=39296"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zegal.com\/en-gb\/wp-json\/wp\/v2\/categories?post=39296"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zegal.com\/en-gb\/wp-json\/wp\/v2\/tags?post=39296"},{"taxonomy":"usecases","embeddable":true,"href":"https:\/\/zegal.com\/en-gb\/wp-json\/wp\/v2\/usecases?post=39296"},{"taxonomy":"businesstypes","embeddable":true,"href":"https:\/\/zegal.com\/en-gb\/wp-json\/wp\/v2\/businesstypes?post=39296"},{"taxonomy":"country","embeddable":true,"href":"https:\/\/zegal.com\/en-gb\/wp-json\/wp\/v2\/country?post=39296"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}