{"id":2091,"date":"2022-09-20T12:03:41","date_gmt":"2022-09-20T12:03:41","guid":{"rendered":"https:\/\/firmussec.com\/sg-dev\/dev\/?p=2091"},"modified":"2023-01-13T12:20:40","modified_gmt":"2023-01-13T12:20:40","slug":"penetration-testing-faq","status":"publish","type":"post","link":"https:\/\/firmussec.com\/sg\/penetration-testing-faq\/","title":{"rendered":"Penetration Testing FAQ"},"content":{"rendered":"<div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-1 fusion-flex-container nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1206.4px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-0 fusion_builder_column_1_6 1_6 fusion-flex-column fusion-no-small-visibility fusion-no-medium-visibility\" style=\"--awb-bg-blend:overlay;--awb-bg-size:cover;--awb-width-large:16.666666666667%;--awb-margin-top-large:0px;--awb-spacing-right-large:11.52%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:11.52%;--awb-width-medium:16.666666666667%;--awb-spacing-right-medium:11.52%;--awb-spacing-left-medium:11.52%;--awb-width-small:100%;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-flex-justify-content-flex-start fusion-content-layout-column\"><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-1 fusion_builder_column_2_3 2_3 fusion-flex-column\" style=\"--awb-bg-blend:overlay;--awb-bg-size:cover;--awb-width-large:66.666666666667%;--awb-margin-top-large:0px;--awb-spacing-right-large:2.88%;--awb-margin-bottom-large:40px;--awb-spacing-left-large:2.88%;--awb-width-medium:66.666666666667%;--awb-spacing-right-medium:2.88%;--awb-spacing-left-medium:2.88%;--awb-width-small:100%;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-1 fusion-sep-none fusion-title-text fusion-title-size-five\"><h5 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:16;--minFontSize:16;line-height:1.6;\">By Ammrish Singh, Associate Security Consultant \u2013 FIRMUS<\/h5><\/div><div class=\"accordian fusion-accordian\" style=\"--awb-border-size:1px;--awb-icon-size:16px;--awb-content-font-size:var(--awb-typography4-font-size);--awb-icon-alignment:left;--awb-hover-color:var(--awb-color2);--awb-border-color:var(--awb-color3);--awb-background-color:var(--awb-color1);--awb-divider-color:var(--awb-color3);--awb-divider-hover-color:var(--awb-color3);--awb-icon-color:var(--awb-color1);--awb-title-color:var(--awb-color8);--awb-content-color:var(--awb-color7);--awb-icon-box-color:var(--awb-color8);--awb-toggle-hover-accent-color:var(--awb-color5);--awb-title-font-family:var(--awb-typography1-font-family);--awb-title-font-weight:var(--awb-typography1-font-weight);--awb-title-font-style:var(--awb-typography1-font-style);--awb-title-font-size:16px;--awb-title-line-height:1.5;--awb-content-font-family:var(--awb-typography4-font-family);--awb-content-font-weight:var(--awb-typography4-font-weight);--awb-content-font-style:var(--awb-typography4-font-style);\"><div class=\"panel-group fusion-toggle-icon-boxed\" id=\"accordion-2091-1\"><div class=\"fusion-panel panel-default panel-32720935ca8c9e565 fusion-toggle-has-divider\" style=\"--awb-title-color:var(--awb-color5);--awb-content-color:var(--awb-color7);\"><div class=\"panel-heading\"><h4 class=\"panel-title toggle\" id=\"toggle_32720935ca8c9e565\"><a class=\"active\" aria-expanded=\"true\" aria-controls=\"32720935ca8c9e565\" role=\"button\" data-toggle=\"collapse\" data-target=\"#32720935ca8c9e565\" href=\"#32720935ca8c9e565\"><span class=\"fusion-toggle-icon-wrapper\" aria-hidden=\"true\"><i class=\"fa-fusion-box active-icon awb-icon-minus\" aria-hidden=\"true\"><\/i><i class=\"fa-fusion-box inactive-icon awb-icon-plus\" aria-hidden=\"true\"><\/i><\/span><span class=\"fusion-toggle-heading\">How often should I run a penetration testing exercise in my organization?<\/span><\/a><\/h4><\/div><div id=\"32720935ca8c9e565\" class=\"panel-collapse collapse in\" aria-labelledby=\"toggle_32720935ca8c9e565\"><div class=\"panel-body toggle-content fusion-clearfix\">\n<p><a href=\"https:\/\/firmussec.com\/sg\/2022\/08\/02\/what-is-penetration-testing\/\">Penetration Testing<\/a>\u00a0(pentest) is not a one-time activity. Penetration testing should be performed regularly (at least once a year) to ensure more consistent IT and network security management by revealing how newly discovered threats or emerging vulnerabilities might be exploited by malicious threat actors.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-panel panel-default panel-6019621298e1d1ffa fusion-toggle-has-divider\" style=\"--awb-title-color:var(--awb-color5);--awb-content-color:var(--awb-color7);\"><div class=\"panel-heading\"><h4 class=\"panel-title toggle\" id=\"toggle_6019621298e1d1ffa\"><a class=\"active\" aria-expanded=\"true\" aria-controls=\"6019621298e1d1ffa\" role=\"button\" data-toggle=\"collapse\" data-target=\"#6019621298e1d1ffa\" href=\"#6019621298e1d1ffa\"><span class=\"fusion-toggle-icon-wrapper\" aria-hidden=\"true\"><i class=\"fa-fusion-box active-icon awb-icon-minus\" aria-hidden=\"true\"><\/i><i class=\"fa-fusion-box inactive-icon awb-icon-plus\" aria-hidden=\"true\"><\/i><\/span><span class=\"fusion-toggle-heading\">Would I still be a target of cyberattacks if I ran small and medium-sized enterprises?<\/span><\/a><\/h4><\/div><div id=\"6019621298e1d1ffa\" class=\"panel-collapse collapse in\" aria-labelledby=\"toggle_6019621298e1d1ffa\"><div class=\"panel-body toggle-content fusion-clearfix\">\n<p>Any organisation can experience cyberattacks, including small and medium-sized enterprises, as they are an attractive target for cybercriminals. This is because they usually lack cybersecurity precautions or a dedicated cyber security team as compared to a larger organization. 43% of all cyberattacks target small and medium-sized enterprises, and the consequences of these breaches can be extremely costly, from loss of productivity to company reputation. 60% of all small and medium-sized enterprises are the victims of a data breach that pushes them to permanently close their doors within six months of the attack. Many businesses feel \u201ctoo small\u201d to be affected by a cyber incident. This is also known as the \u201cIt-Cannot-Happen-To-Me\u201d syndrome.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-panel panel-default panel-7ef9ab7b6f8eae842 fusion-toggle-has-divider\" style=\"--awb-title-color:var(--awb-color5);--awb-content-color:var(--awb-color7);\"><div class=\"panel-heading\"><h4 class=\"panel-title toggle\" id=\"toggle_7ef9ab7b6f8eae842\"><a class=\"active\" aria-expanded=\"true\" aria-controls=\"7ef9ab7b6f8eae842\" role=\"button\" data-toggle=\"collapse\" data-target=\"#7ef9ab7b6f8eae842\" href=\"#7ef9ab7b6f8eae842\"><span class=\"fusion-toggle-icon-wrapper\" aria-hidden=\"true\"><i class=\"fa-fusion-box active-icon awb-icon-minus\" aria-hidden=\"true\"><\/i><i class=\"fa-fusion-box inactive-icon awb-icon-plus\" aria-hidden=\"true\"><\/i><\/span><span class=\"fusion-toggle-heading\">Is it better to perform pentest activity in the production or pre-production environment?<\/span><\/a><\/h4><\/div><div id=\"7ef9ab7b6f8eae842\" class=\"panel-collapse collapse in\" aria-labelledby=\"toggle_7ef9ab7b6f8eae842\"><div class=\"panel-body toggle-content fusion-clearfix\">\n<p>There isn\u2019t one good answer, as it is to be determined according to the organization\u2019s priorities. On one hand, conducting a penetration test on the pre-production environment is interesting, as it is very similar to the production environment, and the tests will not affect the services used by the users. For that reason, there might be fewer restrictions for the test as some vulnerabilities might be further exploited. For instance, there is no repercussion on the production system.<\/p>\n<p>On the other hand, performing penetration testing in a production environment enables the tester to test the vulnerabilities of the same target that is available to users and potential threat actors. It can also validate the security ecosystem the organisation has set up to protect its assets from external threat actors, which can further be used to enhance if required.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-panel panel-default panel-2a6de57ad00e258ce fusion-toggle-has-divider\" style=\"--awb-title-color:var(--awb-color5);--awb-content-color:var(--awb-color7);\"><div class=\"panel-heading\"><h4 class=\"panel-title toggle\" id=\"toggle_2a6de57ad00e258ce\"><a class=\"active\" aria-expanded=\"true\" aria-controls=\"2a6de57ad00e258ce\" role=\"button\" data-toggle=\"collapse\" data-target=\"#2a6de57ad00e258ce\" href=\"#2a6de57ad00e258ce\"><span class=\"fusion-toggle-icon-wrapper\" aria-hidden=\"true\"><i class=\"fa-fusion-box active-icon awb-icon-minus\" aria-hidden=\"true\"><\/i><i class=\"fa-fusion-box inactive-icon awb-icon-plus\" aria-hidden=\"true\"><\/i><\/span><span class=\"fusion-toggle-heading\">What do you do about the confidential information found during pentest?<\/span><\/a><\/h4><\/div><div id=\"2a6de57ad00e258ce\" class=\"panel-collapse collapse in\" aria-labelledby=\"toggle_2a6de57ad00e258ce\"><div class=\"panel-body toggle-content fusion-clearfix\">\n<p>Confidential information that FIRMUS might encounter during a pentest is neither collected nor stored. The relevant screenshots will be taken to prove the existence of the vulnerability and impact which will be included in the report.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-panel panel-default panel-62071adc0a9c4e2f9 fusion-toggle-has-divider\" style=\"--awb-title-color:var(--awb-color5);--awb-content-color:var(--awb-color7);\"><div class=\"panel-heading\"><h4 class=\"panel-title toggle\" id=\"toggle_62071adc0a9c4e2f9\"><a class=\"active\" aria-expanded=\"true\" aria-controls=\"62071adc0a9c4e2f9\" role=\"button\" data-toggle=\"collapse\" data-target=\"#62071adc0a9c4e2f9\" href=\"#62071adc0a9c4e2f9\"><span class=\"fusion-toggle-icon-wrapper\" aria-hidden=\"true\"><i class=\"fa-fusion-box active-icon awb-icon-minus\" aria-hidden=\"true\"><\/i><i class=\"fa-fusion-box inactive-icon awb-icon-plus\" aria-hidden=\"true\"><\/i><\/span><span class=\"fusion-toggle-heading\">Do I still need a pentest if I have a dedicated security team?<\/span><\/a><\/h4><\/div><div id=\"62071adc0a9c4e2f9\" class=\"panel-collapse collapse in\" aria-labelledby=\"toggle_62071adc0a9c4e2f9\"><div class=\"panel-body toggle-content fusion-clearfix\">\n<p>Yes. The possibility of having an independent, external entity evaluate security procedures and readiness can be practical and eliminate the problem of possible complacency (even involuntary) of in-house teams. This is also an advantage as the internal team can gain new knowledge of the tactics and techniques used by the 3<sup>rd<\/sup>\u00a0party consultants in performing a penetration test.<\/p>\n<\/div><\/div><\/div><\/div><\/div><div class=\"fusion-separator fusion-full-width-sep\" style=\"align-self: center;margin-left: auto;margin-right: auto;margin-bottom:20px;width:100%;\"><\/div><div class=\"fusion-title title fusion-title-2 fusion-sep-none fusion-title-text fusion-title-size-two\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:40;line-height:1.25;\">Vulnerability Assessment<\/h2><\/div><div class=\"accordian fusion-accordian\" style=\"--awb-border-size:1px;--awb-icon-size:16px;--awb-content-font-size:var(--awb-typography4-font-size);--awb-icon-alignment:left;--awb-hover-color:var(--awb-color2);--awb-border-color:var(--awb-color3);--awb-background-color:var(--awb-color1);--awb-divider-color:var(--awb-color3);--awb-divider-hover-color:var(--awb-color3);--awb-icon-color:var(--awb-color1);--awb-title-color:var(--awb-color8);--awb-content-color:var(--awb-color7);--awb-icon-box-color:var(--awb-color8);--awb-toggle-hover-accent-color:var(--awb-color5);--awb-title-font-family:var(--awb-typography1-font-family);--awb-title-font-weight:var(--awb-typography1-font-weight);--awb-title-font-style:var(--awb-typography1-font-style);--awb-title-font-size:16px;--awb-title-line-height:1.5;--awb-content-font-family:var(--awb-typography4-font-family);--awb-content-font-weight:var(--awb-typography4-font-weight);--awb-content-font-style:var(--awb-typography4-font-style);\"><div class=\"panel-group fusion-toggle-icon-boxed\" id=\"accordion-2091-2\"><div class=\"fusion-panel panel-default panel-d1947b61453aa74cc fusion-toggle-has-divider\" style=\"--awb-title-color:var(--awb-color5);--awb-content-color:var(--awb-color7);\"><div class=\"panel-heading\"><h4 class=\"panel-title toggle\" id=\"toggle_d1947b61453aa74cc\"><a class=\"active\" aria-expanded=\"true\" aria-controls=\"d1947b61453aa74cc\" role=\"button\" data-toggle=\"collapse\" data-target=\"#d1947b61453aa74cc\" href=\"#d1947b61453aa74cc\"><span class=\"fusion-toggle-icon-wrapper\" aria-hidden=\"true\"><i class=\"fa-fusion-box active-icon awb-icon-minus\" aria-hidden=\"true\"><\/i><i class=\"fa-fusion-box inactive-icon awb-icon-plus\" aria-hidden=\"true\"><\/i><\/span><span class=\"fusion-toggle-heading\">Where can Vulnerability Assessment be applied?<\/span><\/a><\/h4><\/div><div id=\"d1947b61453aa74cc\" class=\"panel-collapse collapse in\" aria-labelledby=\"toggle_d1947b61453aa74cc\"><div class=\"panel-body toggle-content fusion-clearfix\">\n<p>Vulnerability Assessment can be applied to servers, workstations, mobile applications, web applications, databases, or any possible IT asset. However, keep in mind that a vulnerability assessment only conducts an automated scan, and no human interaction is involved to mimic an attacker.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-panel panel-default panel-5d84f9a8e7a42de84 fusion-toggle-has-divider\" style=\"--awb-title-color:var(--awb-color5);--awb-content-color:var(--awb-color7);\"><div class=\"panel-heading\"><h4 class=\"panel-title toggle\" id=\"toggle_5d84f9a8e7a42de84\"><a class=\"active\" aria-expanded=\"true\" aria-controls=\"5d84f9a8e7a42de84\" role=\"button\" data-toggle=\"collapse\" data-target=\"#5d84f9a8e7a42de84\" href=\"#5d84f9a8e7a42de84\"><span class=\"fusion-toggle-icon-wrapper\" aria-hidden=\"true\"><i class=\"fa-fusion-box active-icon awb-icon-minus\" aria-hidden=\"true\"><\/i><i class=\"fa-fusion-box inactive-icon awb-icon-plus\" aria-hidden=\"true\"><\/i><\/span><span class=\"fusion-toggle-heading\">Will the vulnerability assessment contain any false positives?<\/span><\/a><\/h4><\/div><div id=\"5d84f9a8e7a42de84\" class=\"panel-collapse collapse in\" aria-labelledby=\"toggle_5d84f9a8e7a42de84\"><div class=\"panel-body toggle-content fusion-clearfix\">\n<p>Automated scans may contain some false positives, but due to current technological advancements, it is safe to say that 80-90% of findings discovered by scanners are valid. Because scanners primarily use signature-based detection, they may or may not be able to further analyze the findings that they discovered. Thus, the analyst who reviews the findings should know the techniques of verifying and classifying if the vulnerability is valid or false positive.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-panel panel-default panel-41f2272892d4908e2 fusion-toggle-has-divider\" style=\"--awb-title-color:var(--awb-color5);--awb-content-color:var(--awb-color7);\"><div class=\"panel-heading\"><h4 class=\"panel-title toggle\" id=\"toggle_41f2272892d4908e2\"><a class=\"active\" aria-expanded=\"true\" aria-controls=\"41f2272892d4908e2\" role=\"button\" data-toggle=\"collapse\" data-target=\"#41f2272892d4908e2\" href=\"#41f2272892d4908e2\"><span class=\"fusion-toggle-icon-wrapper\" aria-hidden=\"true\"><i class=\"fa-fusion-box active-icon awb-icon-minus\" aria-hidden=\"true\"><\/i><i class=\"fa-fusion-box inactive-icon awb-icon-plus\" aria-hidden=\"true\"><\/i><\/span><span class=\"fusion-toggle-heading\">What potential threats can be prevented by vulnerability assessment?<\/span><\/a><\/h4><\/div><div id=\"41f2272892d4908e2\" class=\"panel-collapse collapse in\" aria-labelledby=\"toggle_41f2272892d4908e2\"><div class=\"panel-body toggle-content fusion-clearfix\">\n<p>Vulnerability assessment mainly focuses on weaknesses of the assets, such as OS patches, misconfiguration of commonly used software\/applications, default configuration such as default password in use, version detection, outdated packages used in the assets, etc. These vulnerabilities are often related to a CVE (Common Vulnerabilities and Exposure) which tags certain vulnerabilities with a code from which the scanners get the signatures.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-panel panel-default panel-781c4de7ab282fd94 fusion-toggle-has-divider\" style=\"--awb-title-color:var(--awb-color5);--awb-content-color:var(--awb-color7);\"><div class=\"panel-heading\"><h4 class=\"panel-title toggle\" id=\"toggle_781c4de7ab282fd94\"><a class=\"active\" aria-expanded=\"true\" aria-controls=\"781c4de7ab282fd94\" role=\"button\" data-toggle=\"collapse\" data-target=\"#781c4de7ab282fd94\" href=\"#781c4de7ab282fd94\"><span class=\"fusion-toggle-icon-wrapper\" aria-hidden=\"true\"><i class=\"fa-fusion-box active-icon awb-icon-minus\" aria-hidden=\"true\"><\/i><i class=\"fa-fusion-box inactive-icon awb-icon-plus\" aria-hidden=\"true\"><\/i><\/span><span class=\"fusion-toggle-heading\">How would FIRMUS rate the risk of the vulnerability?<\/span><\/a><\/h4><\/div><div id=\"781c4de7ab282fd94\" class=\"panel-collapse collapse in\" aria-labelledby=\"toggle_781c4de7ab282fd94\"><div class=\"panel-body toggle-content fusion-clearfix\">\n<p>FIRMUS will use the Common Vulnerability Scoring System (CVSS). It is the most widely used vulnerability scoring method and can be obtained freely at\u00a0<a href=\"https:\/\/www.first.org\/cvss\/calculator\/3.1\">https:\/\/www.first.org\/cvss\/calculator\/3.1.<\/a><\/p>\n<\/div><\/div><\/div><div class=\"fusion-panel panel-default panel-22932d008d8b38723 fusion-toggle-has-divider\" style=\"--awb-title-color:var(--awb-color5);--awb-content-color:var(--awb-color7);\"><div class=\"panel-heading\"><h4 class=\"panel-title toggle\" id=\"toggle_22932d008d8b38723\"><a class=\"active\" aria-expanded=\"true\" aria-controls=\"22932d008d8b38723\" role=\"button\" data-toggle=\"collapse\" data-target=\"#22932d008d8b38723\" href=\"#22932d008d8b38723\"><span class=\"fusion-toggle-icon-wrapper\" aria-hidden=\"true\"><i class=\"fa-fusion-box active-icon awb-icon-minus\" aria-hidden=\"true\"><\/i><i class=\"fa-fusion-box inactive-icon awb-icon-plus\" aria-hidden=\"true\"><\/i><\/span><span class=\"fusion-toggle-heading\">Will FIRMUS help the customer to remediate the vulnerabilities found?<\/span><\/a><\/h4><\/div><div id=\"22932d008d8b38723\" class=\"panel-collapse collapse in\" aria-labelledby=\"toggle_22932d008d8b38723\"><div class=\"panel-body toggle-content fusion-clearfix\">\n<div class=\"post-content\">\n<p>FIRMUS will not remediate the vulnerabilities found but will offer remediation guides and assistance.<\/p>\n<\/div>\n<div class=\"fusion-meta-info\"><\/div>\n<\/div><\/div><\/div><\/div><\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-2 fusion_builder_column_1_6 1_6 fusion-flex-column fusion-no-small-visibility fusion-no-medium-visibility\" style=\"--awb-bg-blend:overlay;--awb-bg-size:cover;--awb-width-large:16.666666666667%;--awb-margin-top-large:0px;--awb-spacing-right-large:11.52%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:11.52%;--awb-width-medium:16.666666666667%;--awb-spacing-right-medium:11.52%;--awb-spacing-left-medium:11.52%;--awb-width-small:100%;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-flex-justify-content-flex-start fusion-content-layout-column\"><\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>How often should I run a penetration testing exercise in my organization?<\/p>\n","protected":false},"author":3,"featured_media":2093,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[19],"tags":[55,31,56],"class_list":["post-2091","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-articles","tag-faq","tag-firmus","tag-penetration-testing"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Penetration Testing FAQ - Penetration Testing Singapore | Top Pentest Services Expert<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/firmussec.com\/sg\/penetration-testing-faq\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Penetration Testing FAQ - Penetration Testing Singapore | Top Pentest Services Expert\" \/>\n<meta property=\"og:description\" content=\"How often should I run a penetration testing exercise in my organization?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/firmussec.com\/sg\/penetration-testing-faq\/\" \/>\n<meta property=\"og:site_name\" content=\"Penetration Testing Singapore | Top Pentest Services Expert\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/FIRMUSsec\/\" \/>\n<meta property=\"article:published_time\" content=\"2022-09-20T12:03:41+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-01-13T12:20:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/firmussec.com\/sg\/wp-content\/uploads\/2023\/01\/pen-test.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"leo.lye@firmussec.com\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"leo.lye@firmussec.com\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/penetration-testing-faq\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/penetration-testing-faq\\\/\"},\"author\":{\"name\":\"leo.lye@firmussec.com\",\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/#\\\/schema\\\/person\\\/9bb2d0bd6b805620eecd8f71aaf67e0b\"},\"headline\":\"Penetration Testing FAQ\",\"datePublished\":\"2022-09-20T12:03:41+00:00\",\"dateModified\":\"2023-01-13T12:20:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/penetration-testing-faq\\\/\"},\"wordCount\":2315,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/penetration-testing-faq\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/pen-test.jpg\",\"keywords\":[\"faq\",\"FIRMUS\",\"Penetration Testing\"],\"articleSection\":[\"Articles\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/firmussec.com\\\/sg\\\/penetration-testing-faq\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/penetration-testing-faq\\\/\",\"url\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/penetration-testing-faq\\\/\",\"name\":\"Penetration Testing FAQ - Penetration Testing Singapore | Top Pentest Services Expert\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/penetration-testing-faq\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/penetration-testing-faq\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/pen-test.jpg\",\"datePublished\":\"2022-09-20T12:03:41+00:00\",\"dateModified\":\"2023-01-13T12:20:40+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/penetration-testing-faq\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/firmussec.com\\\/sg\\\/penetration-testing-faq\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/penetration-testing-faq\\\/#primaryimage\",\"url\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/pen-test.jpg\",\"contentUrl\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/pen-test.jpg\",\"width\":1200,\"height\":800},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/penetration-testing-faq\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Penetration Testing FAQ\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/#website\",\"url\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/\",\"name\":\"Penetration Testing Singapore | Top Pentest Services Expert\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/#organization\",\"name\":\"Penetration Testing Singapore | Top Pentest Services Expert\",\"url\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/dev\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/FIRMUS_Red-1.png\",\"contentUrl\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/dev\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/FIRMUS_Red-1.png\",\"width\":1244,\"height\":281,\"caption\":\"Penetration Testing Singapore | Top Pentest Services Expert\"},\"image\":{\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/FIRMUSsec\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/firmus-security\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/#\\\/schema\\\/person\\\/9bb2d0bd6b805620eecd8f71aaf67e0b\",\"name\":\"leo.lye@firmussec.com\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/eb74c7c717897a45e12baaec8482a560c60326367b43d53ba6c4fa8e51fe2a86?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/eb74c7c717897a45e12baaec8482a560c60326367b43d53ba6c4fa8e51fe2a86?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/eb74c7c717897a45e12baaec8482a560c60326367b43d53ba6c4fa8e51fe2a86?s=96&d=mm&r=g\",\"caption\":\"leo.lye@firmussec.com\"},\"url\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/author\\\/leo-lyefirmussec-com\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Penetration Testing FAQ - Penetration Testing Singapore | Top Pentest Services Expert","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/firmussec.com\/sg\/penetration-testing-faq\/","og_locale":"en_US","og_type":"article","og_title":"Penetration Testing FAQ - Penetration Testing Singapore | Top Pentest Services Expert","og_description":"How often should I run a penetration testing exercise in my organization?","og_url":"https:\/\/firmussec.com\/sg\/penetration-testing-faq\/","og_site_name":"Penetration Testing Singapore | Top Pentest Services Expert","article_publisher":"https:\/\/www.facebook.com\/FIRMUSsec\/","article_published_time":"2022-09-20T12:03:41+00:00","article_modified_time":"2023-01-13T12:20:40+00:00","og_image":[{"width":1200,"height":800,"url":"https:\/\/firmussec.com\/sg\/wp-content\/uploads\/2023\/01\/pen-test.jpg","type":"image\/jpeg"}],"author":"leo.lye@firmussec.com","twitter_card":"summary_large_image","twitter_misc":{"Written by":"leo.lye@firmussec.com","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/firmussec.com\/sg\/penetration-testing-faq\/#article","isPartOf":{"@id":"https:\/\/firmussec.com\/sg\/penetration-testing-faq\/"},"author":{"name":"leo.lye@firmussec.com","@id":"https:\/\/firmussec.com\/sg\/#\/schema\/person\/9bb2d0bd6b805620eecd8f71aaf67e0b"},"headline":"Penetration Testing FAQ","datePublished":"2022-09-20T12:03:41+00:00","dateModified":"2023-01-13T12:20:40+00:00","mainEntityOfPage":{"@id":"https:\/\/firmussec.com\/sg\/penetration-testing-faq\/"},"wordCount":2315,"commentCount":0,"publisher":{"@id":"https:\/\/firmussec.com\/sg\/#organization"},"image":{"@id":"https:\/\/firmussec.com\/sg\/penetration-testing-faq\/#primaryimage"},"thumbnailUrl":"https:\/\/firmussec.com\/sg\/wp-content\/uploads\/2023\/01\/pen-test.jpg","keywords":["faq","FIRMUS","Penetration Testing"],"articleSection":["Articles"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/firmussec.com\/sg\/penetration-testing-faq\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/firmussec.com\/sg\/penetration-testing-faq\/","url":"https:\/\/firmussec.com\/sg\/penetration-testing-faq\/","name":"Penetration Testing FAQ - Penetration Testing Singapore | Top Pentest Services Expert","isPartOf":{"@id":"https:\/\/firmussec.com\/sg\/#website"},"primaryImageOfPage":{"@id":"https:\/\/firmussec.com\/sg\/penetration-testing-faq\/#primaryimage"},"image":{"@id":"https:\/\/firmussec.com\/sg\/penetration-testing-faq\/#primaryimage"},"thumbnailUrl":"https:\/\/firmussec.com\/sg\/wp-content\/uploads\/2023\/01\/pen-test.jpg","datePublished":"2022-09-20T12:03:41+00:00","dateModified":"2023-01-13T12:20:40+00:00","breadcrumb":{"@id":"https:\/\/firmussec.com\/sg\/penetration-testing-faq\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/firmussec.com\/sg\/penetration-testing-faq\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/firmussec.com\/sg\/penetration-testing-faq\/#primaryimage","url":"https:\/\/firmussec.com\/sg\/wp-content\/uploads\/2023\/01\/pen-test.jpg","contentUrl":"https:\/\/firmussec.com\/sg\/wp-content\/uploads\/2023\/01\/pen-test.jpg","width":1200,"height":800},{"@type":"BreadcrumbList","@id":"https:\/\/firmussec.com\/sg\/penetration-testing-faq\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/firmussec.com\/sg\/"},{"@type":"ListItem","position":2,"name":"Penetration Testing FAQ"}]},{"@type":"WebSite","@id":"https:\/\/firmussec.com\/sg\/#website","url":"https:\/\/firmussec.com\/sg\/","name":"Penetration Testing Singapore | Top Pentest Services Expert","description":"","publisher":{"@id":"https:\/\/firmussec.com\/sg\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/firmussec.com\/sg\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/firmussec.com\/sg\/#organization","name":"Penetration Testing Singapore | Top Pentest Services Expert","url":"https:\/\/firmussec.com\/sg\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/firmussec.com\/sg\/#\/schema\/logo\/image\/","url":"https:\/\/firmussec.com\/sg\/dev\/wp-content\/uploads\/2022\/12\/FIRMUS_Red-1.png","contentUrl":"https:\/\/firmussec.com\/sg\/dev\/wp-content\/uploads\/2022\/12\/FIRMUS_Red-1.png","width":1244,"height":281,"caption":"Penetration Testing Singapore | Top Pentest Services Expert"},"image":{"@id":"https:\/\/firmussec.com\/sg\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/FIRMUSsec\/","https:\/\/www.linkedin.com\/company\/firmus-security\/"]},{"@type":"Person","@id":"https:\/\/firmussec.com\/sg\/#\/schema\/person\/9bb2d0bd6b805620eecd8f71aaf67e0b","name":"leo.lye@firmussec.com","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/eb74c7c717897a45e12baaec8482a560c60326367b43d53ba6c4fa8e51fe2a86?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/eb74c7c717897a45e12baaec8482a560c60326367b43d53ba6c4fa8e51fe2a86?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/eb74c7c717897a45e12baaec8482a560c60326367b43d53ba6c4fa8e51fe2a86?s=96&d=mm&r=g","caption":"leo.lye@firmussec.com"},"url":"https:\/\/firmussec.com\/sg\/author\/leo-lyefirmussec-com\/"}]}},"_links":{"self":[{"href":"https:\/\/firmussec.com\/sg\/wp-json\/wp\/v2\/posts\/2091","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/firmussec.com\/sg\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/firmussec.com\/sg\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/firmussec.com\/sg\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/firmussec.com\/sg\/wp-json\/wp\/v2\/comments?post=2091"}],"version-history":[{"count":0,"href":"https:\/\/firmussec.com\/sg\/wp-json\/wp\/v2\/posts\/2091\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/firmussec.com\/sg\/wp-json\/wp\/v2\/media\/2093"}],"wp:attachment":[{"href":"https:\/\/firmussec.com\/sg\/wp-json\/wp\/v2\/media?parent=2091"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/firmussec.com\/sg\/wp-json\/wp\/v2\/categories?post=2091"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/firmussec.com\/sg\/wp-json\/wp\/v2\/tags?post=2091"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}