Penetration testing, often abbreviated as pen testing, is an essential process to ensure you maintain a safe and secure website. But what exactly does pen testing involve, and how can you rest assured your agency partner is covering all potential vulnerabilities for you? 

This article will provide a detailed guide to penetration testing, helping you minimise your security risks and ensure your website is fully protected. 

In a recent series of articles published in our resource library, we provided an in-depth explanation of the end-to-end process of building a high-performance, enterprise-grade website. (If you’d like to read that series first before learning about pen testing, you can start here). 

After you’ve worked with your agency partner to successfully build your website, you’ll also need to ensure your site is protected from cyber security threats.  With that in mind, you should understand the important role that pen testing plays in effective website security and maintenance. 

What is Penetration Testing? 

Penetration testing is a form of website testing that’s used to identify security vulnerabilities When conducting pen testing on your site, your agency will simulate a range of cyber attacks that could be used by cyber criminals or malicious software (malware). 

The purpose of this is to identify security weaknesses within your site and take action to prevent them from being exploited in the real world. This approach goes beyond basic tests, as it doesn’t just list the vulnerabilities, it examines how they could be exploited and helps to prevent that from happening. 

Why is it Crucial for an Agency to Conduct Penetration Testing? 

Website security is critical in today’s digital business landscape. Cyber security threats have become highly intelligent and sophisticated, now capable of penetrating even the strongest security networks. 

For instance, global technology giant Acer was the victim of a cyber security attack that demanded a ransom of $50 million USD in recent years. 

The outcomes of a cyber attack on your website could be catastrophic, either through sensitive data being stolen, lengthy losses of business continuity, or even reputational damage. 

Remember, your site’s security isn’t just vital to you as a business, it’s also something your clients need assurance with when they agree to work with you. You should be taking as many proactive steps as possible to ensure your security measures are rigorous enough to match high levels of risk. 

Covering All Bases for Robust Security (in WordPress)

It’s useful to be conscious of the common security weaknesses and pitfalls cyber criminals typically aim to take advantage of. 

Security vulnerabilities can be created when your website is running on outdated versions of your platform, or if something hasn’t been configured or integrated properly. Other common pitfalls include weak authentication measures and insufficient protection from the perspective of your users. 

With platforms like WordPress, there are some areas in which less experienced agencies could allow security vulnerabilities to creep in as well. For instance: 

• Auto-updates – When your platform’s software is automatically updated, changes in the code can cause new security weaknesses to arise. 
• Plugins – Using WordPress plugins from untrustworthy sources, or neglecting to update and maintain your plugins properly, can also cause security issues. 

This is one of many reasons why it’s important to work with an experienced agency partner who has proven platform-specific knowledge and expertise. Your agency should know your CMS of choice inside out, and should therefore be well aware of all the most common security pitfalls and targets for cyber attacks. 

What Does Effective Penetration Testing Involve? 

To conduct pen testing, your agency’s security experts will run through a process that attempts to penetrate your site’s security measures. 

This is usually done in stages, as follows: 

1 – Planning and Preparation

1. Review the results and analysis of any previous tests (if there are any)
2. Define the scope of the testing, including which tests will be performed
3. Gather all necessary data and information on the system to conduct the testing
4. Determine the criteria of success or failure for the tests.

2 – Running the Tests 

1. Use automated tools to scan for vulnerabilities and identify weaknesses 
2. Attempt to exploit the identified weaknesses 
3. Repeat the tests with different types of user roles and permissions
4. Measure the outcomes against criteria for success or failure 
5. Create a report on the outcomes and results of the tests. 

3 – Post-Testing 

1. Review the reports and analyse the results 
2. Remediate and resolve the vulnerabilities that were able to be exploited
3. Re-test the vulnerabilities to ensure remediation was successful.

The Benefits of Thorough Penetration Testing

Working with an agency partner who can support you with ongoing pen testing is a necessary step towards gaining enterprise-grade security for your website.

Technology changes so quickly today. Your platform receives updates regularly, your site is always growing, and cyber criminals are constantly finding new ways to breach your defences and gain access to your data. Penetration testing allows you to keep the pace with new emerging vulnerabilities. 

Conducting regular pen testing can also help improve client relationships and create competitive advantages as well. In certain industries, a demonstrable commitment to security will be greatly appreciated by your target audience. This can help to differentiate you from the competition and provide the trust required to attract more prospective clients to work with you.

Website Security is a Never-Ending Battle 

While every business with a website faces tremendous security risks today, this is a proven process that can help to minimise that risk and give you the confidence you need in your site’s security.

Any agency partner you work with should have the knowledge and expertise to understand the importance of pen testing, and should insist on making this an integral, ongoing part of your site’s maintenance. 

Would you like these insights straight to your mailbox?

Your emailSubmit

I consent to my submitted data being processed and stored by SoBold in compliance with Privacy Policy

Summary 

If you’re looking to build a website for your business, a proven approach is to work with an agency and have them deliver the project for you. This could be a bespoke website design and development agency or solely a website or platform development agency.

Before you approach an agency, however, you’ll first need to reach a clear, detailed understanding of your requirements.

This article will provide an in-depth guide to help you through the briefing process and ensure your chosen agency delivers your project successfully, including a free template you can use to create your own brief.  This template can also be used for other types of development projects as well, including anything from an online portal to an internal training platform.

Where to Start 

Whether you need to design and develop a new website, or rebuild or migrate an existing site, a natural first step is to take your idea to an agency with a view to launching a web development project. 

However, it’s a common mistake to go to an agency too early with just a raw, under-developed concept. Rather than meeting with an agency prematurely, we strongly suggest going through the process of defining your specific requirements and creating a project brief first.

The first thing to do is hold a discussion with the relevant people internally. Talk through the idea, and try to define what it is you need and what you want to achieve with it. Get a clear picture of what that idea or a concept will turn into, but also think carefully about what it should do from the perspective of your end-users. 

Once you have a more tangible understanding of what you’re looking to build, you should begin creating a brief. 

This is a document outlining the key details and requirements for the project. It’s something you’ll need to take with you to your introductory meetings with the agencies you’re considering, as it will be a very useful tool in helping you explain your idea clearly. 

A brief doesn’t have to be complicated. It’s just a simple written document that lists everything you want at this early stage. However, while a brief can be simple, it’s important that it’s as specific as possible too. The more detail you provide for your agency, the more chance you’ll have the project delivered on time, within your budget, and meeting your expectations. 

Why Having a Brief is Crucial

There are some potential pitfalls to be aware of that could create challenges for you if you don’t create a thorough brief. 

Unfortunately, some agencies will be willing to work with you without a detailed brief, glossing over important details and keeping the expectations and requirements vague. This is a red flag to look out for, as it will likely result in one of several outcomes:

• You risk going through a long, expensive discovery and definition exercise that you could’ve done yourself internally for no cost. 

• You risk being given a quote that’s too expensive, or a project timeline that’s longer than necessary.

• You risk receiving a service from the agency that doesn’t align with your request or meet your expectations. In turn, you’ll then have to spend even more time and money on a new project to get your original idea developed. 

A brief is what gives you and the agency a mutual understanding of the work that needs to be done to successfully deliver the project. Without that specificity, you might end up disappointed. That’s why it’s always wise to put some time and effort in up front before taking your idea to an agency.  

Once you submit your brief, you may be invited to participate in a follow-up session to further explore the requirements you’ve listed. This is perfectly normal, and actually a good sign. Experienced agencies will want to talk through each of the elements of your brief with you to help determine the best possible way to deliver those in the project.

How to Create Your Brief 

When you begin to discuss and plan the requirements of your project between your team, we recommend thinking carefully about the following points. 
Please note: There are a lot of things that could go into a project brief, depending on how complex your requirements are, so we won’t include everything here in this article.

The Project’s Purpose and Goals 

Start by thinking about what the purpose of the project is. There’s no use speaking to an agency until you have a clear, specific understanding of exactly what you’re trying to achieve with this project. This should relate to your strategic business objectives, but it should also be designed to meet the needs of your end-users. 

Ask yourself how this will allow you to improve your end-users’ experience or solve a problem for them. Answering this might involve working on user personas or developing user stories, or potentially even working directly with some members of your target audience to gather their input. 

Project Timelines and Deadlines 

Timing is another important point to think about, particularly how much time you have to deliver the project. Deadlines can sometimes relate to certain dates that are out of your control, so it’s better to start as early as possible in those cases. If there’s any flexibility with the timeline for delivery, make a note of that as well. 

Project Stakeholders

Make a list of all the stakeholders involved. This is a good thing for the agency to be aware of early on, because the project becomes more complex with a higher number of stakeholders.

Depending on the size of your business, and the nature of your site, your project team will usually be some combination of: A marketing director or marketing manager, someone from your operations department, and someone from IT. 

However, if you also have people like someone from your IT team responsible for security, a content writer to provide all the written text, or any external consultants, that should be made clear in advance. If your site will need to integrate with other platforms, such as your CRM system, you may have an integration manager specifically in charge of overseeing that as well.

It’s useful to designate roles to certain stakeholders, such as project sponsors, product owners, administrators, and so on. This will help you understand who’s responsible for different aspects of the project internally. 

If you plan to work with external agencies for things like SEO or branding, it’s important to note that in your brief. This is necessary for the development agency to be aware of as early as possible, because collaborating with other third-parties at different stages of the project requires a lot of coordination. 

Certain processes may also have to run differently if other third-party agencies want to be more hands-on or handle some parts of the site themselves. The earlier this is made clear, the more smoothly the project will run. 

Technology Preferences 

If you have any preference of technology platform or any requirements related to your existing tech stack, that will be something you’ll need to decide early on. For example, would you prefer to use WordPress due to its scalability, or do you have any existing investment in any other platforms? 

Think about any preference you have for the various technology choices available, why they’re important to you, and whether your agency will have to tailor their approach to accommodate that.

If you need help understanding and evaluating your options for technology platforms, check out our helpful guide here.  

Budget 

Try to determine a minimum and maximum budget for your project, even if it’s just a loose range for now. It will help you evaluate agencies, and will also help you prioritise the various aspects of the project as “must have” or “nice to have” in many cases. 

Design Look and Feel

This is where your company’s brand comes into play. You’ll want your site to reflect your brand and that will come through in the design. Bring any brand guidelines to the table, and think about what sort of tone or experience you want to convey to your end-users. 

If you don’t have any recent brand guidelines and want help updating them, or need to go through a rebranding process, mention that in your brief as well. Design and development agencies will often be able to help you in these areas too, or at least refer you to a trusted partner who can. 

User Interface (UI) 

How your end-users will interact with your site, and what kind of experience they’ll have, is largely determined by the user interface. When it comes to design and UI, simplicity is usually the best approach. However, depending on the function you’re providing, you might have some specific or bespoke UI requirements. 

Consider your target audience carefully here as well. For example, if most of your users will be accessing your site from a mobile device, it’s probably wise to opt for a mobile-first design.

Some other important things to think about here include how you’d like your sitemap to be structured, especially if you have an existing site that you’re already happy with. 

If your project will involve rebuilding or migrating an existing site or platform, it will be helpful to gather any existing data sources, such as Google Analytics, that will provide insight into your current site.

Non-Functional Requirements

Non-functional requirements are all the aspects of your site that happen behind the scenes. These are things that allow your site to do its job properly for your end-users, but won’t be evident to those people while they’re using it.

There’s a lot of things to consider with non-functional requirements, so we won’t cover everything here.

Hosting

If you have any specific hosting requirements, such as a preference for a certain cloud-based platform, or a particularly secure data centre, those will be important to identify as early as possible. 

Say, for instance, that sustainability is a core value for your business, this could also have an influence on how and where your hosting is managed.

If you have an internal IT team that will be contributing towards the hosting decision, make sure you involve them in the discussion.

Security and Compliance

Security is a growing concern for all businesses today. It’s crucial to think about security as a core component of any web development project, to minimise any potential risks for your business.

If you have someone in your team responsible for security, they should begin to think about issues such as: 

• How will you be backing up the site’s data? 
• What level of data encryption do you need? 
• How will users’ personal details be stored and protected? 
• Will you have two-factor authentication?
• What password recovery process will there be for users? 

Robust security also involves keeping compliant with any specific security or industry regulations that may affect your business. Of course, compliance with things like GDPR should be planned for at this stage too.

Some other common non-functional requirements include things like session management capabilities to track and things like log-in time, session length, pages visited, and so on. Search engine optimisation (SEO) tools, analytics, or other capabilities might need to be built into your site as well. 

Accessibility, Usability, and Responsive Design

When it comes to aspects that will make your users’ experience as seamless as possible, such as accessibility, a good agency will ensure all these things are taken care of for you. This is also the case for ensuring all major web browsers, operating systems, and devices are fully supported and compatible. Development should always be compliant with industry standards, taking into account optimum accessibility and usability.

However, if you have any additional or bespoke requirements for any of these things, those will be useful to note early on.

Functional Requirements 

The term ‘functional requirements’ refers to everything that your site will be able to do for its users, in terms of its features, functionality, and capabilities. 

As mentioned earlier, one of the first things you discussed was what the site will help your end-users achieve. From the perspective of building something your target audience can use, you should start to get a feel for what functionality is required to ensure they can achieve that.

Features 

Your features are the things your site will allow your users to do. These can be very simple, or very sophisticated, depending on what you’re aiming to provide for them. 

When putting your brief together, think of any and all features and functionality that might benefit your users. Your agency will then work with you to explore these and find the best way to turn that into intuitive, user-friendly features for you. 

What to Do Next 

Once your team has been through the process of talking through all the points listed above, you should have a very thorough, useful brief to work with. The next step is to take that brief to any introductory meetings you have with agencies and ask them what they think of the project initially. 

It’s normal for an agency to ask lots of questions at that stage and really dive into the ‘WHY’ behind all the things you’ve put into your brief. A good agency will even challenge you on certain decisions, to help you determine the best possible way to build what you need. 

Once you’ve discussed your brief with an agency, determine which one feels like the best fit. Choosing the right agency is crucial, as it will have a huge influence on whether or not your project is successful. 

As mentioned earlier, some agencies will agree to launch into a project without a brief, and that can be extremely problematic. While the main purpose of a brief is to help you and your agency understand exactly what you need, it should also be used as a way to spot partners who may not be sufficiently thorough or conscientious.

Whichever agency you choose, a detailed brief will help you ensure you’re given a fair quote, realistic timelines for completion, and a finished product that meets your requirements and expectations.

More Helpful Resources 

If you’re considering a bespoke development project, our related article provides useful guidance to help you choose the right technology platform for your specific needs: 

Understanding and Evaluating Enterprise Options for Bespoke Web Development

Would you like these insights straight to your mailbox?

Your emailSubmit

I consent to my submitted data being processed and stored by SoBold in compliance with Privacy Policy

SoBold has continued to be an accredited Living Wage Employer and has formally made a commitment to ensure all new and existing staff contracts are renewed at the Living Wage rate as a minimum.

SoBold has been a Living Wage Employer since 2019 and they are committed to ensuring that all staff are treated fairly and remunerated fairly in line with the Living Wage Foundation.

The new Living Wage rates were announced on Thursday 22nd September 2022 and SoBold ensured that all staff pay is in line with this. 

SoBold hope to see more agencies within the technology sector follow suit and become accredited.

SoBold Managing Director, Will Newland said:

We are proud of the people that work at SoBold and we truly care about them. Our staff have always been the life blood of our organisation and it is an absolute no brainer for SoBold to be a Living Wage employer. 

Would you like these insights straight to your mailbox?

Your emailSubmit

I consent to my submitted data being processed and stored by SoBold in compliance with Privacy Policy

In response to COVID-19, we’ve put in place a number of measures at SoBold to make sure we can continue to provide our services to our clients around the world as well as do what we can to help contain the spread of the virus.

It’s helpful to reflect on the fact that we offer a service whereby the performance and outcome of work produced will not be affected at all.

We’ve moved to full-time remote work

SoBold has decided to close our office in London and have our employees work remotely until further notice.

We’re doing this in an effort to help prevent the spread of the virus because, while most SoBold employees are healthy and not in the high-risk category, we appreciate that is not the case for all of those around us, or in the wider community we live in.

We have a responsibility towards these people, including others who work in our building and those we come into contact with during each others’ daily commute.

We’ve set up enhanced support for remote work

We don’t believe it’ll cause much disruption to the rest of the team and business.

Most of our clients, for example, will be familiar with remote meetings; we regularly host virtual meetings between clients and SoBold.

All team members have access to reliable remote conferencing and workflow tools, so they can speak to anyone either within SoBold or outside of the organisation, whenever they need or want to.

This means we can continue to frictionlessly share and work collaboratively cross-functionally, with the ultimate goal of always delighting our clients and partners.

Free support to those directly affected by the closure of their businesses

We want to give back and help businesses and individuals that have been so badly damaged by the closure of their shopfronts, gyms, restaurants and other businesses in the hospitality industry.

We are offering free website help to these businesses during these tough times.

If you would like to get in touch with a team member about this, please email hello@soboldltd.com

Would you like these insights straight to your mailbox?

Your emailSubmit

I consent to my submitted data being processed and stored by SoBold in compliance with Privacy Policy

As a web developer team, our responsibility is in providing support to other companies. We make sure that websites look and work well for the businesses that need them. Our team serves as an expert extension of our clients so they can focus on their actual operations.

We take pride in our work and it looks like our efforts are paying off. We’re very happy to announce that we’ve been given an award. SoBold was named as a top UK web developer by Clutch for the year 2021.

Clutch is a ratings and reviews company that uses a unique verification process that ensures all of the content on their platform comes from legitimate sources. They then leverage this information to create ranked lists of the best performers in every industry around the world. The best of the best then get an award.

The best part of all this award is that it’s not decided by a panel of faceless judges. It’s based on the reactions of the people that worked directly with us. They’re the people in the best position to judge or critique our work. In fact, here’s what our Director had to say when we got the news.

“We are absolutely delighted to be chosen as one of the leading WordPress Development agencies in the UK by Clutch and look forward to continued growth and development to fulfil our potential.” Will Newland, Managing Director, SoBold.

If you want to partner with a team that will provide expert support and service to ensure your website is the best it can be, give us a call. Fill out our contact form and we’ll set up an appointment as soon as possible.

Would you like these insights straight to your mailbox?

Your emailSubmit

I consent to my submitted data being processed and stored by SoBold in compliance with Privacy Policy