Call us today on: +44 (0)203 88 020 88
SecureTeamSecureTeamSecureTeamSecureTeam
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Wireless Network Penetration Test
      • Vulnerability Assessment
      • Network Segregation Test
      • Voice over IP (VoIP) Penetration Test
    • Application Testing
      • Web Application Penetration Test
      • Mobile Application Penetration Test
      • Desktop Application Security Assessment
      • Citrix Breakout Test
    • Configuration Review
      • Windows Server Build Review
      • Linux Server Build Review
      • Citrix Configuration Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials
  • News
  • Articles
  • About
    • About SecureTeam
    • STORM Appliances
      • Installing a STORM Device
      • Returning a STORM Device
    • White-Label Consultancy
    • Jobs
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
  • Contact Us

Articles

Home  >  Articles  >  Penetration Testing Under UK Law
NextPrevious
penetration testing under UK law

Penetration Testing Under UK Law

Articles | 17 April, 2018 | 3

When penetration testing is conducted within the UK, there are a number of laws that govern the activities that form part of a penetration test.

For the majority of tests, these laws include the following:

  • UK Computer Misuse Act 1990
  • UK Data Protection Act 1998
  • Human Rights Act 1998
  • Police and Justice Act 2006

In order to ensure that penetration testing is conducted in line with UK law and also to ensure that the test is conducted as efficiently as possible, a testing consent form must always be used to capture the exact scope of the test and provides those responsible for an organisation’s infrastructure with a means of providing their consent.

Typically, a testing consent form will capture the following information:

  • Name & Position of the individual who is providing their consent
  • Authorised Testing Period – both the date range and hours that testing is permitted
  • Contact information for members of technical staff, who may provide assistance during the test
  • IP addresses or URL that are in scope of testing
  • Exclusions to certain hosts, services or areas within applications
  • Credentials that may be required as part of authenticated application testing

Consent forms should always be signed by someone who is in a position of legal authority within an organisation (for example one of the company directors), in order to indemnify the testing company (and the individuals performing the test) from all applicable laws for the duration of the test. It is important that consent is also obtained from any owners of 3rd party hosting environments or equipment, which may also come under the scope of testing.

At SecureTeam, no testing activities are ever performed until a fully-completed and signed consent form has been returned by our customers. This ensures that we remain compliant with the relevant UK laws and that the scope of testing is fully understood by both our client and the consultants who will be conducting the test.

Lastly, due to a completed testing consent form containing potentially sensitive information, it should be handled in accordance with the client and testing organisation’s data handling procedures.

Subscribe to our monthly cybersecurity newsletter
Stay up-to-date with the very latest cybersecurity news & technical articles delivered straight to your inbox
We hate spam as much as you do. We will never give your email address out to any third-party.

how to, penetration testing, UK Law, vulnerability management

Related Post

  • HPE patches RCE 0day in SIM software

    By Mark Faithfull

    Hewlett Packard Enterprise has released a patch to fix a critical remote code execution vulnerability in the Windows version of their System Insight Manager. The bug in the Federated Search and CMS Configuration (CVE-2020-7200) featureRead more

  • Two thirds of cyber-crimes repeated within 12 months

    By Mark Faithfull

    According to a new report, 68% of organisations that suffered a network breach are the victim of a repeat attack within a year.  Cyber-criminals assume that organisation will not learn a lesson from the firstRead more

  • The importance of Cybersecurity basics

    By Mark Faithfull

    Since early May, the city of Baltimore has struggled to recover IT systems following a ransomware attack that has left many departments unable to function or even send and receive emails. Citizens have been unableRead more

  • Cybercriminals shift focus from consumers to businesses

    By Mark Faithfull

    Compared to Q1 2018, malware detections in businesses has increased 235% while dropping 24% for consumers. Anti-virus and security firm Malwarebytes reports in their latest Cybercrime Tactics and Techniques report that cybercriminals are following theRead more

  • Why Pen-Testing Matters

    By Mark Faithfull

    What is pen-testing and how does it keep your business secure? Penetration testing defined Penetration testing is a form of ethical hacking, where organisations ask a trusted expert to try to penetrate (access) their networkRead more

NextPrevious

Recent Posts

  • Chrome leads the way with security changes
  • NetUSB RCE Flaw in Millions of End User Routers
  • What is a SIM swap attack?
  • Senior Governance, Risk & Compliance Consultant
  • Senior Penetration Tester

Tags

Adobe Android Apple blockchain Bluetooth Chrome Cisco credential stuffing cyber crime cyber essentials cyber security cyber security news Data Protection DDoS Dell DNS Exchange Server exim fileless formjacking GDPR Google Linux Meltdown microsoft Mozilla ncsc patching penetration testing phishing ransomware RDP security breach Security operations security testing SIEM software development Spectre supply chain attacks Sysinternals Tomcat vulnerability management web applications web browsers wireless

Archives

  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • July 2018
  • June 2018
  • April 2018
  • January 2018
  • October 2017
BCS Cyber Essentials Cyber Essentials Cyber Essentials PLUS ISO 9001 ISO 27001
information. secured.
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Wireless Network Penetration Test
      • Vulnerability Assessment
      • Network Segregation Test
      • Voice over IP (VoIP) Penetration Test
    • Application Testing
      • Web Application Penetration Test
      • Mobile Application Penetration Test
      • Desktop Application Security Assessment
      • Citrix Breakout Test
    • Configuration Review
      • Windows Server Build Review
      • Linux Server Build Review
      • Citrix Configuration Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials
  • News
  • Articles
  • About
    • About SecureTeam
    • STORM Appliances
      • Installing a STORM Device
      • Returning a STORM Device
    • White-Label Consultancy
    • Jobs
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
  • Contact Us
SecureTeam