Call us today on: +44 (0)203 88 020 88
SecureTeamSecureTeamSecureTeamSecureTeam
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Vulnerability Assessment
    • Web Application Penetration Test
    • Configuration Review
      • Windows Build Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials Certification
  • News
  • Articles
  • About
    • About SecureTeam
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
    • White-Label Consultancy
    • Jobs
  • Contact Us

Articles

Home  >  Articles  >  Penetration Testing Under UK Law
NextPrevious
penetration testing under UK law

Penetration Testing Under UK Law

Articles | 17 April, 2018 | 0

When penetration testing is conducted within the UK, there are a number of laws that govern the activities that form part of a penetration test.

For the majority of tests, these laws include the following:

  • UK Computer Misuse Act 1990
  • UK Data Protection Act 1998
  • Human Rights Act 1998
  • Police and Justice Act 2006

In order to ensure that penetration testing is conducted in line with UK law and also to ensure that the test is conducted as efficiently as possible, a testing consent form must always be used to capture the exact scope of the test and provides those responsible for an organisation’s infrastructure with a means of providing their consent.

Typically, a testing consent form will capture the following information:

  • Name & Position of the individual who is providing their consent
  • Authorised Testing Period – both the date range and hours that testing is permitted
  • Contact information for members of technical staff, who may provide assistance during the test
  • IP addresses or URL that are in scope of testing
  • Exclusions to certain hosts, services or areas within applications
  • Credentials that may be required as part of authenticated application testing

Consent forms should always be signed by someone who is in a position of legal authority within an organisation (for example one of the company directors), in order to indemnify the testing company (and the individuals performing the test) from all applicable laws for the duration of the test. It is important that consent is also obtained from any owners of 3rd party hosting environments or equipment, which may also come under the scope of testing.

At SecureTeam, no testing activities are ever performed until a fully-completed and signed consent form has been returned by our customers. This ensures that we remain compliant with the relevant UK laws and that the scope of testing is fully understood by both our client and the consultants who will be conducting the test.

Lastly, due to a completed testing consent form containing potentially sensitive information, it should be handled in accordance with the client and testing organisation’s data handling procedures.

Subscribe to our monthly cybersecurity newsletter
Stay up-to-date with the very latest cybersecurity news & technical articles delivered straight to your inbox
We hate spam as much as you do. We will never give your email address out to any third-party.

how to, penetration testing, UK Law, vulnerability management

Related Post

  • The importance of Cybersecurity basics

    By Mark Faithfull

    Since early May, the city of Baltimore has struggled to recover IT systems following a ransomware attack that has left many departments unable to function or even send and receive emails. Citizens have been unableRead more

  • Cybercriminals shift focus from consumers to businesses

    By Mark Faithfull

    Compared to Q1 2018, malware detections in businesses has increased 235% while dropping 24% for consumers. Anti-virus and security firm Malwarebytes reports in their latest Cybercrime Tactics and Techniques report that cybercriminals are following theRead more

  • Why Pen-Testing Matters

    By Mark Faithfull

    What is pen-testing and how does it keep your business secure? Penetration testing defined Penetration testing is a form of ethical hacking, where organisations ask a trusted expert to try to penetrate (access) their networkRead more

  • Critical Domain Controller Flaw Requires Urgent Patching

    By Mark Faithfull

    A critical vulnerability in Microsoft Netlogon was patched in the August patch cycle – but was so dangerous that details were not made public until September when (hopefully) many systems would have been patched.  IfRead more

  • How Return-Oriented Programming exploits work

    By Mark Faithfull

    Return-Oriented Programming is a security exploit technique used by attackers to execute code on their target system.  By obtaining control of the call stack, the attacker can control the flow of existing trusted software runningRead more

NextPrevious

Recent Posts

  • What is Schrems II and how does it affect UK Data Privacy
  • Ransomware claims drop dramatically after mandatory scans
  • Critical Domain Controller Flaw Requires Urgent Patching
  • How Return-Oriented Programming exploits work
  • NCSC Publishes Vulnerability Disclosure Toolkit

Tags

Android blockchain Bluetooth Chrome Cisco credential stuffing cyber crime cyber essentials cyber security cyber security news Data Protection DNS Ethereum Exchange Server exim fileless formjacking GDPR Intel IoT Linux MacOS Meltdown microsoft patching penetration testing phishing ransomware RDP Row Hammer security breach Security operations security testing SIEM Spectre supply chain attacks Sysinternals Tomcat TPM UK Law VNC vulnerability management web applications web browsers wireless

Archives

  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • July 2018
  • June 2018
  • April 2018
  • January 2018
  • October 2017
BCS Cyber Essentials Cyber Essentials Cyber Essentials PLUS ISO 9001 ISO 27001
information. secured.
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Vulnerability Assessment
    • Web Application Penetration Test
    • Configuration Review
      • Windows Build Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials Certification
  • News
  • Articles
  • About
    • About SecureTeam
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
    • White-Label Consultancy
    • Jobs
  • Contact Us
SecureTeam
SecureTeam use cookies on this website to ensure that we give you the best experience possible. If you continue to use our site we will assume that you are happy with cookies being used.OkRead more