{"id":939,"date":"2018-03-06T14:37:45","date_gmt":"2018-03-06T14:37:45","guid":{"rendered":"https:\/\/hostinguk.net\/blog\/?p=939"},"modified":"2018-03-06T15:28:36","modified_gmt":"2018-03-06T15:28:36","slug":"penetration-testing-and-vulnerabillity-scanning","status":"publish","type":"post","link":"https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/","title":{"rendered":"Vulnerability Scanning & Penetration Testing"},"content":{"rendered":"

We are seeing more and more people putting their sites through the mill to see how they shape up during a shakedown. Be it automated vulnerability scanning for compliance needs (PCI<\/a> or Cyber Essentials<\/a> for example) or full on active penetration testing – these highlight the loose ends, failures, and anything that needs addressing through the eyes of the attacker without having to find out the hard, painful, time consuming, legal and expensive. They are money well spent in this regard. However, there are a few things to consider before you tip up to the starting\u00a0line ready to go:<\/p>\n

Do I have permission to test?<\/h1>\n

Testing of this sort is a hostile act. It will be rattling the windows and doors, and maybe destructive\u00a0in doing so. As such we request that we are given advanced notice of the event and that we have the following information to hand and confirmed:<\/p>\n

– The name of the company doing the test;<\/p>\n

– Confirmed contact details for an engineer in a position to stop the test immediately;<\/p>\n

– Formal confirmation that you are willing to accept liability for any collateral damage that results.<\/p>\n

Will this impact others?<\/h1>\n

We offer many many solutions and tools. Some have control panels, some do not. Some are single machines, some are sprawling estates of hardware. Some blur the lines. What we are clear on however is that we do not allow testing on shared hosting environments. The risk to the other denizens of that server is just too large – equally, you would not want someone else’s testing to interrupt\u00a0your operations, no matter how short or long term.<\/p>\n

This raises the valid point that if you are in a position to need compliance testing of this sort – that it is possible you are using the wrong tool for the job. Virtual Machines<\/a>, Cloud Servers<\/a> and Dedicated Servers<\/a> are the layers above shared hosting – and provide environments\u00a0that can be configured to the needs of the individual – and locked down to their needs.<\/p>\n

In Conclusion<\/h1>\n

We permit vulnerability scans and pen tests on Virtual Machines and Dedicated servers. We do not permit them on shared hosting environments.<\/p>\n

We would require a written or email confirmation of the scan, and confirmation of the window within which it is going to occur, and from what address ranges.<\/p>\n

We would require contact details for the authorized scanning vendor – and means to terminate the scan if needs be.<\/p>\n

All common sense, and intended to ensure we do not see it as an attack, or threat, and have the ability to make it stop should the wheels come off. If in doubt ask : )<\/p>\n","protected":false},"excerpt":{"rendered":"

We are seeing more and more people putting their sites through the mill to see how they shape up during a shakedown. Be it automated vulnerability scanning for compliance needs (PCI or Cyber Essentials for example) or full on active penetration testing – these highlight the loose ends, failures, and anything that needs addressing through… Keep Reading<\/a><\/p>\n","protected":false},"author":6,"featured_media":944,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[11,13],"tags":[210,212,211,209,208,207],"class_list":["post-939","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-regulatory","category-support","tag-compliance","tag-cyber-essentials","tag-gdpr","tag-pci","tag-penetration-test","tag-pentest"],"yoast_head":"\nVulnerability Scanning & Penetration Testing - Hosting UK<\/title>\n<meta name=\"description\" content=\""I have a service with Hosting UK - what do I need to know about before I have a vulnerability scan or penetration test done?" - a few words on what we would expect before we give the go ahead.\" \/>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerability Scanning & Penetration Testing - Hosting UK\" \/>\n<meta property=\"og:description\" content=\""I have a service with Hosting UK - what do I need to know about before I have a vulnerability scan or penetration test done?" - a few words on what we would expect before we give the go ahead.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/\" \/>\n<meta property=\"og:site_name\" content=\"Hosting UK\" \/>\n<meta property=\"article:published_time\" content=\"2018-03-06T14:37:45+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2018-03-06T15:28:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/hostinguk.net\/blog\/wp-content\/uploads\/2018\/03\/vulnerabillityscanning.png?fit=1920%2C1080&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Anthony Hogbin\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Anthony Hogbin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/\"},\"author\":{\"name\":\"Anthony Hogbin\",\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/#\/schema\/person\/e7707cd2857ef38b31f396b1bf878707\"},\"headline\":\"Vulnerability Scanning & Penetration Testing\",\"datePublished\":\"2018-03-06T14:37:45+00:00\",\"dateModified\":\"2018-03-06T15:28:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/\"},\"wordCount\":452,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/staging.hostinguk.net\/blog\/wp-content\/uploads\/2018\/03\/vulnerabillityscanning.png\",\"keywords\":[\"compliance\",\"cyber essentials\",\"gdpr\",\"pci\",\"penetration test\",\"pentest\"],\"articleSection\":[\"Regulatory\",\"Support\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/\",\"url\":\"https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/\",\"name\":\"Vulnerability Scanning & Penetration Testing - Hosting UK\",\"isPartOf\":{\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/staging.hostinguk.net\/blog\/wp-content\/uploads\/2018\/03\/vulnerabillityscanning.png\",\"datePublished\":\"2018-03-06T14:37:45+00:00\",\"dateModified\":\"2018-03-06T15:28:36+00:00\",\"author\":{\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/#\/schema\/person\/e7707cd2857ef38b31f396b1bf878707\"},\"description\":\"\\\"I have a service with Hosting UK - what do I need to know about before I have a vulnerability scan or penetration test done?\\\" - a few words on what we would expect before we give the go ahead.\",\"breadcrumb\":{\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/#primaryimage\",\"url\":\"https:\/\/staging.hostinguk.net\/blog\/wp-content\/uploads\/2018\/03\/vulnerabillityscanning.png\",\"contentUrl\":\"https:\/\/staging.hostinguk.net\/blog\/wp-content\/uploads\/2018\/03\/vulnerabillityscanning.png\",\"width\":1920,\"height\":1080},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/staging.hostinguk.net\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerability Scanning & Penetration Testing\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/#website\",\"url\":\"https:\/\/staging.hostinguk.net\/blog\/\",\"name\":\"Hosting UK\",\"description\":\"Hosting UK | Domain names | Web hosting | Dedicated Servers\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/staging.hostinguk.net\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/#\/schema\/person\/e7707cd2857ef38b31f396b1bf878707\",\"name\":\"Anthony Hogbin\",\"url\":\"https:\/\/staging.hostinguk.net\/blog\/author\/huk-ant\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerability Scanning & Penetration Testing - Hosting UK","description":"\"I have a service with Hosting UK - what do I need to know about before I have a vulnerability scan or penetration test done?\" - a few words on what we would expect before we give the go ahead.","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_GB","og_type":"article","og_title":"Vulnerability Scanning & Penetration Testing - Hosting UK","og_description":"\"I have a service with Hosting UK - what do I need to know about before I have a vulnerability scan or penetration test done?\" - a few words on what we would expect before we give the go ahead.","og_url":"https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/","og_site_name":"Hosting UK","article_published_time":"2018-03-06T14:37:45+00:00","article_modified_time":"2018-03-06T15:28:36+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/i0.wp.com\/hostinguk.net\/blog\/wp-content\/uploads\/2018\/03\/vulnerabillityscanning.png?fit=1920%2C1080&ssl=1","type":"image\/png"}],"author":"Anthony Hogbin","twitter_misc":{"Written by":"Anthony Hogbin","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/#article","isPartOf":{"@id":"https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/"},"author":{"name":"Anthony Hogbin","@id":"https:\/\/staging.hostinguk.net\/blog\/#\/schema\/person\/e7707cd2857ef38b31f396b1bf878707"},"headline":"Vulnerability Scanning & Penetration Testing","datePublished":"2018-03-06T14:37:45+00:00","dateModified":"2018-03-06T15:28:36+00:00","mainEntityOfPage":{"@id":"https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/"},"wordCount":452,"commentCount":0,"image":{"@id":"https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/#primaryimage"},"thumbnailUrl":"https:\/\/staging.hostinguk.net\/blog\/wp-content\/uploads\/2018\/03\/vulnerabillityscanning.png","keywords":["compliance","cyber essentials","gdpr","pci","penetration test","pentest"],"articleSection":["Regulatory","Support"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/","url":"https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/","name":"Vulnerability Scanning & Penetration Testing - Hosting UK","isPartOf":{"@id":"https:\/\/staging.hostinguk.net\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/#primaryimage"},"image":{"@id":"https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/#primaryimage"},"thumbnailUrl":"https:\/\/staging.hostinguk.net\/blog\/wp-content\/uploads\/2018\/03\/vulnerabillityscanning.png","datePublished":"2018-03-06T14:37:45+00:00","dateModified":"2018-03-06T15:28:36+00:00","author":{"@id":"https:\/\/staging.hostinguk.net\/blog\/#\/schema\/person\/e7707cd2857ef38b31f396b1bf878707"},"description":"\"I have a service with Hosting UK - what do I need to know about before I have a vulnerability scan or penetration test done?\" - a few words on what we would expect before we give the go ahead.","breadcrumb":{"@id":"https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/#primaryimage","url":"https:\/\/staging.hostinguk.net\/blog\/wp-content\/uploads\/2018\/03\/vulnerabillityscanning.png","contentUrl":"https:\/\/staging.hostinguk.net\/blog\/wp-content\/uploads\/2018\/03\/vulnerabillityscanning.png","width":1920,"height":1080},{"@type":"BreadcrumbList","@id":"https:\/\/staging.hostinguk.net\/blog\/penetration-testing-and-vulnerabillity-scanning\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/staging.hostinguk.net\/blog\/"},{"@type":"ListItem","position":2,"name":"Vulnerability Scanning & Penetration Testing"}]},{"@type":"WebSite","@id":"https:\/\/staging.hostinguk.net\/blog\/#website","url":"https:\/\/staging.hostinguk.net\/blog\/","name":"Hosting UK","description":"Hosting UK | Domain names | Web hosting | Dedicated Servers","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/staging.hostinguk.net\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/staging.hostinguk.net\/blog\/#\/schema\/person\/e7707cd2857ef38b31f396b1bf878707","name":"Anthony Hogbin","url":"https:\/\/staging.hostinguk.net\/blog\/author\/huk-ant\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/staging.hostinguk.net\/blog\/wp-content\/uploads\/2018\/03\/vulnerabillityscanning.png","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p63y3g-f9","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/staging.hostinguk.net\/blog\/wp-json\/wp\/v2\/posts\/939","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/staging.hostinguk.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/staging.hostinguk.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/staging.hostinguk.net\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/staging.hostinguk.net\/blog\/wp-json\/wp\/v2\/comments?post=939"}],"version-history":[{"count":1,"href":"https:\/\/staging.hostinguk.net\/blog\/wp-json\/wp\/v2\/posts\/939\/revisions"}],"predecessor-version":[{"id":940,"href":"https:\/\/staging.hostinguk.net\/blog\/wp-json\/wp\/v2\/posts\/939\/revisions\/940"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/staging.hostinguk.net\/blog\/wp-json\/wp\/v2\/media\/944"}],"wp:attachment":[{"href":"https:\/\/staging.hostinguk.net\/blog\/wp-json\/wp\/v2\/media?parent=939"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/staging.hostinguk.net\/blog\/wp-json\/wp\/v2\/categories?post=939"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/staging.hostinguk.net\/blog\/wp-json\/wp\/v2\/tags?post=939"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}