{"id":8161,"date":"2026-07-15T09:39:00","date_gmt":"2026-07-15T08:39:00","guid":{"rendered":"https:\/\/www.d2na.com\/?p=8161"},"modified":"2026-07-15T11:47:47","modified_gmt":"2026-07-15T10:47:47","slug":"a-focus-on-penetration-testing-part-2","status":"publish","type":"post","link":"https:\/\/www.d2na.com\/index.php\/2026\/07\/15\/a-focus-on-penetration-testing-part-2\/","title":{"rendered":"A Focus on Penetration Testing &#8211; Part 2"},"content":{"rendered":"<span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\"><\/span> <span class=\"rt-time\"> 3<\/span> <span class=\"rt-label rt-postfix\">mins read<\/span><\/span>\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"8161\" class=\"elementor elementor-8161\" data-elementor-settings=\"{&quot;ha_cmc_init_switcher&quot;:&quot;no&quot;}\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-483054a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-eae-slider=\"34365\" data-id=\"483054a\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-5913dfc\" data-eae-slider=\"15214\" data-id=\"5913dfc\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ae0947e elementor-widget elementor-widget-text-editor\" data-id=\"ae0947e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Thinking differently about Pen Testing&#8230;<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-eaa1a7c elementor-widget elementor-widget-text-editor\" data-id=\"eaa1a7c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><a href=\"https:\/\/www.d2na.com\/index.php\/penetration-testing\/\" target=\"_blank\" rel=\"noopener\">Penetration testing<\/a> has traditionally been treated as an annual exercise. Book the test, receive the report, fix what you can, and move on until next year.<\/p><p>But in today\u2019s cloud-first, Microsoft-centric and AI-enabled environments, risk does not wait twelve months. New services go live, integrations change, suppliers connect, permissions shift and attack surfaces evolve continuously.<\/p><p>That is why organisations need to think differently about penetration testing. Not as a one-off compliance activity, but as part of an ongoing assurance model that helps validate controls, evidence compliance and give leaders confidence that digital services are secure today, not just when the last test was completed.<\/p><p>In this three-part series we explore:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-inner-section elementor-element elementor-element-5765769 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-eae-slider=\"80090\" data-id=\"5765769\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-33 elementor-inner-column elementor-element elementor-element-3b48cca\" data-eae-slider=\"74215\" data-id=\"3b48cca\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a6ca6e7 elementor-widget elementor-widget-text-editor\" data-id=\"a6ca6e7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><em>Part 1<\/em><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a69098e elementor-widget elementor-widget-text-editor\" data-id=\"a69098e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Why annual penetration testing is no longer enough<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-33 elementor-inner-column elementor-element elementor-element-392c6d8\" data-eae-slider=\"99939\" data-id=\"392c6d8\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-92e87ee elementor-widget elementor-widget-text-editor\" data-id=\"92e87ee\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><em>Part 2<\/em><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9c24e6f elementor-widget elementor-widget-text-editor\" data-id=\"9c24e6f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>How to turn findings into meaningful risk reduction<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-33 elementor-inner-column elementor-element elementor-element-76d8aaf\" data-eae-slider=\"4019\" data-id=\"76d8aaf\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-b0304de elementor-widget elementor-widget-text-editor\" data-id=\"b0304de\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><em>Part 3<\/em><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ba97174 elementor-widget elementor-widget-text-editor\" data-id=\"ba97174\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>What continuous assurance looks like in practice<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<div class=\"elementor-element elementor-element-2df61b5 elementor-widget-divider--separator-type-pattern elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"2df61b5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\" style=\"--divider-pattern-url: url(&quot;data:image\/svg+xml,%3Csvg xmlns=&#039;http:\/\/www.w3.org\/2000\/svg&#039; preserveAspectRatio=&#039;none&#039; overflow=&#039;visible&#039; height=&#039;100%&#039; viewBox=&#039;0 0 20 16&#039; fill=&#039;none&#039; stroke=&#039;black&#039; stroke-width=&#039;1&#039; stroke-linecap=&#039;square&#039; stroke-miterlimit=&#039;10&#039;%3E%3Cg transform=&#039;translate(-12.000000, 0)&#039;%3E%3Cpath d=&#039;M28,0L10,18&#039;\/%3E%3Cpath d=&#039;M18,0L0,18&#039;\/%3E%3Cpath d=&#039;M48,0L30,18&#039;\/%3E%3Cpath d=&#039;M38,0L20,18&#039;\/%3E%3C\/g%3E%3C\/svg%3E&quot;);\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-323204c elementor-widget elementor-widget-text-editor\" data-id=\"323204c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>Part 2: From Findings to Meaningful Risk Reduction<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-00639c8 elementor-widget elementor-widget-text-editor\" data-id=\"00639c8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><a href=\"https:\/\/www.d2na.com\/index.php\/2026\/07\/10\/a-focus-on-penetration-testing-part-1\/\" target=\"_blank\" rel=\"noopener\">Part 1<\/a> explored why annual penetration testing can no longer provide lasting assurance in fast-changing cloud and digital environments. The next question is what happens once the test is complete. If the report simply becomes a list of issues, its value is limited. To reduce risk, findings need to be understood, prioritised and turned into action.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d432553 elementor-widget elementor-widget-image\" data-id=\"d432553\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/www.d2na.com\/wp-content\/uploads\/2026\/07\/part2.jpeg\" class=\"attachment-large size-large wp-image-8163\" alt=\"\" srcset=\"https:\/\/www.d2na.com\/wp-content\/uploads\/2026\/07\/part2.jpeg 1920w, https:\/\/www.d2na.com\/wp-content\/uploads\/2026\/07\/part2-1536x864.jpeg 1536w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0d0728b elementor-widget elementor-widget-text-editor\" data-id=\"0d0728b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>What Industry Guidance Tells Us<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c44f696 elementor-widget elementor-widget-text-editor\" data-id=\"c44f696\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>A penetration test report is only valuable if it leads to better decisions. The real question is not simply \u201cwhat did the test find?\u201d but \u201cwhat should we do first, and why?\u201d<\/p><p>This is reflected in guidance from the National Cyber Security Centre. The NCSC describes penetration testing as a way to gain assurance by attempting to breach a system using techniques an adversary might use.<\/p><p>Importantly, the NCSC also makes clear that penetration testing should not be treated as a magic bullet or as the primary way to identify vulnerabilities. Its value is in helping organisations test whether vulnerability management, configuration and monitoring processes are working effectively.<\/p><p>This is particularly important for Microsoft-centric estates, where risk often spans identity, endpoints, data, applications, infrastructure and cloud workloads. In a Zero Trust model, controls such as Conditional Access, least privilege, secure configuration, segmentation and monitoring need to be continually validated, not simply documented.<\/p><p>For public sector bodies, critical national infrastructure and other organisations delivering essential services, this makes regular, well-scoped testing especially valuable. It provides independent validation that controls remain effective, that remediation activity has genuinely reduced risk and that new systems or changes have not introduced avoidable exposure. It also supports a more mature, threat-informed approach to cyber resilience, where testing is used to challenge assumptions and inform continuous improvement rather than simply satisfy an annual requirement.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ed98e23 elementor-widget elementor-widget-text-editor\" data-id=\"ed98e23\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>Compliance Is the Starting Point, Not the Outcome<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5ccd703 elementor-widget elementor-widget-text-editor\" data-id=\"5ccd703\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Compliance is often the reason organisations commission a penetration test, but it should not be the only value they take from it. The stronger outcome is a clearer understanding of which risks matter most, whether security investments are working and where remediation should be prioritised.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6e570d9 elementor-widget elementor-widget-text-editor\" data-id=\"6e570d9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>The Real Value Comes After the Test<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-619a7ce elementor-widget elementor-widget-text-editor\" data-id=\"619a7ce\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>This is where the report becomes valuable. Findings only reduce risk when they are prioritised, owned and turned into practical remediation activity.<\/p><p>D2NA supports this by helping organisations move beyond a report-led view of penetration testing. We work with customers to interpret findings in the context of their operating environment, governance requirements and real-world threat exposure. That helps turn technical outputs into practical decisions that can be owned by IT, security, risk and leadership teams.<\/p><p>Look at your most recent penetration testing report and ask whether the findings have been translated into a prioritised, owned and measurable remediation plan. If not, D2NA can help turn technical outputs into a practical roadmap for risk reduction.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4525922 elementor-widget-divider--separator-type-pattern elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"4525922\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\" style=\"--divider-pattern-url: url(&quot;data:image\/svg+xml,%3Csvg xmlns=&#039;http:\/\/www.w3.org\/2000\/svg&#039; preserveAspectRatio=&#039;none&#039; overflow=&#039;visible&#039; height=&#039;100%&#039; viewBox=&#039;0 0 20 16&#039; fill=&#039;none&#039; stroke=&#039;black&#039; stroke-width=&#039;1&#039; stroke-linecap=&#039;square&#039; stroke-miterlimit=&#039;10&#039;%3E%3Cg transform=&#039;translate(-12.000000, 0)&#039;%3E%3Cpath d=&#039;M28,0L10,18&#039;\/%3E%3Cpath d=&#039;M18,0L0,18&#039;\/%3E%3Cpath d=&#039;M48,0L30,18&#039;\/%3E%3Cpath d=&#039;M38,0L20,18&#039;\/%3E%3C\/g%3E%3C\/svg%3E&quot;);\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a05a068 elementor-widget elementor-widget-text-editor\" data-id=\"a05a068\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Coming next&#8230;<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7ad2bce elementor-widget elementor-widget-text-editor\" data-id=\"7ad2bce\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Once findings have been prioritised and remediation is underway, the next challenge is making sure improvement continues. In Part 3, we look at what continuous testing looks like in practice and how it supports Microsoft cloud governance, compliance and confidence.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8232a79 elementor-widget elementor-widget-text-editor\" data-id=\"8232a79\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>If you would like to discuss anything in this blog post with a member of our team, get in touch by <a href=\"https:\/\/www.d2na.com\/index.php\/contact\/\" target=\"_blank\" rel=\"noopener\">clicking here<\/a>.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p><span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\"><\/span> <span class=\"rt-time\"> 3<\/span> <span class=\"rt-label rt-postfix\">mins read<\/span><\/span>Thinking differently about Pen Testing&#8230; Penetration testing has traditionally been treated as an annual exercise. Book the test, receive the report, fix what you can, and move on until next year. But in today\u2019s cloud-first, Microsoft-centric and AI-enabled environments, risk does not wait twelve months. New services go live, integrations change, suppliers connect, permissions shift [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":8157,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[4],"tags":[484],"class_list":["post-8161","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-penetration-testing"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v28.0 (Yoast SEO v28.0) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>A Focus on Penetration Testing - Part 2 - D2NA<\/title>\n<meta name=\"description\" content=\"Organisations need to think differently about penetration testing. Not as a one-off compliance activity, but as part of an ongoing assurance model that helps validate controls, evidence compliance and give leaders confidence that digital services are secure today, not just when the last test was completed.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.d2na.com\/index.php\/2026\/07\/15\/a-focus-on-penetration-testing-part-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A Focus on Penetration Testing - Part 2\" \/>\n<meta property=\"og:description\" content=\"Organisations need to think differently about penetration testing. Not as a one-off compliance activity, but as part of an ongoing assurance model that helps validate controls, evidence compliance and give leaders confidence that digital services are secure today, not just when the last test was completed.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.d2na.com\/index.php\/2026\/07\/15\/a-focus-on-penetration-testing-part-2\/\" \/>\n<meta property=\"og:site_name\" content=\"D2NA\" \/>\n<meta property=\"article:published_time\" content=\"2026-07-15T08:39:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-07-15T10:47:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.d2na.com\/wp-content\/uploads\/2026\/07\/2026-07-thumb-pentestseriesp2.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Shaun Conway\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@D2NA\" \/>\n<meta name=\"twitter:site\" content=\"@D2NA\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Shaun Conway\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2026\\\/07\\\/15\\\/a-focus-on-penetration-testing-part-2\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2026\\\/07\\\/15\\\/a-focus-on-penetration-testing-part-2\\\/\"},\"author\":{\"name\":\"Shaun Conway\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#\\\/schema\\\/person\\\/624fbd3965489b22f6dcfc6d7eb4fb36\"},\"headline\":\"A Focus on Penetration Testing &#8211; Part 2\",\"datePublished\":\"2026-07-15T08:39:00+00:00\",\"dateModified\":\"2026-07-15T10:47:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2026\\\/07\\\/15\\\/a-focus-on-penetration-testing-part-2\\\/\"},\"wordCount\":683,\"publisher\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2026\\\/07\\\/15\\\/a-focus-on-penetration-testing-part-2\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/2026-07-thumb-pentestseriesp2.jpeg\",\"keywords\":[\"penetration testing\"],\"articleSection\":[\"Blog\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2026\\\/07\\\/15\\\/a-focus-on-penetration-testing-part-2\\\/\",\"url\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2026\\\/07\\\/15\\\/a-focus-on-penetration-testing-part-2\\\/\",\"name\":\"A Focus on Penetration Testing - Part 2 - D2NA\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2026\\\/07\\\/15\\\/a-focus-on-penetration-testing-part-2\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2026\\\/07\\\/15\\\/a-focus-on-penetration-testing-part-2\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/2026-07-thumb-pentestseriesp2.jpeg\",\"datePublished\":\"2026-07-15T08:39:00+00:00\",\"dateModified\":\"2026-07-15T10:47:47+00:00\",\"description\":\"Organisations need to think differently about penetration testing. Not as a one-off compliance activity, but as part of an ongoing assurance model that helps validate controls, evidence compliance and give leaders confidence that digital services are secure today, not just when the last test was completed.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2026\\\/07\\\/15\\\/a-focus-on-penetration-testing-part-2\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2026\\\/07\\\/15\\\/a-focus-on-penetration-testing-part-2\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2026\\\/07\\\/15\\\/a-focus-on-penetration-testing-part-2\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/2026-07-thumb-pentestseriesp2.jpeg\",\"contentUrl\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/2026-07-thumb-pentestseriesp2.jpeg\",\"width\":1200,\"height\":628},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2026\\\/07\\\/15\\\/a-focus-on-penetration-testing-part-2\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.d2na.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A Focus on Penetration Testing &#8211; Part 2\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#website\",\"url\":\"https:\\\/\\\/www.d2na.com\\\/\",\"name\":\"D2NA\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.d2na.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#organization\",\"name\":\"D2 Network Associates Limited\",\"alternateName\":\"D2NA\",\"url\":\"https:\\\/\\\/www.d2na.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/Header-Logo.png\",\"contentUrl\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/Header-Logo.png\",\"width\":180,\"height\":60,\"caption\":\"D2 Network Associates Limited\"},\"image\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/D2NA\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/d2-network-associates-ltd\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#\\\/schema\\\/person\\\/624fbd3965489b22f6dcfc6d7eb4fb36\",\"name\":\"Shaun Conway\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g\",\"caption\":\"Shaun Conway\"},\"sameAs\":[\"https:\\\/\\\/www.d2na.com\"],\"url\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/author\\\/shaun-conway\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"A Focus on Penetration Testing - Part 2 - D2NA","description":"Organisations need to think differently about penetration testing. Not as a one-off compliance activity, but as part of an ongoing assurance model that helps validate controls, evidence compliance and give leaders confidence that digital services are secure today, not just when the last test was completed.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.d2na.com\/index.php\/2026\/07\/15\/a-focus-on-penetration-testing-part-2\/","og_locale":"en_GB","og_type":"article","og_title":"A Focus on Penetration Testing - Part 2","og_description":"Organisations need to think differently about penetration testing. Not as a one-off compliance activity, but as part of an ongoing assurance model that helps validate controls, evidence compliance and give leaders confidence that digital services are secure today, not just when the last test was completed.","og_url":"https:\/\/www.d2na.com\/index.php\/2026\/07\/15\/a-focus-on-penetration-testing-part-2\/","og_site_name":"D2NA","article_published_time":"2026-07-15T08:39:00+00:00","article_modified_time":"2026-07-15T10:47:47+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/www.d2na.com\/wp-content\/uploads\/2026\/07\/2026-07-thumb-pentestseriesp2.jpeg","type":"image\/jpeg"}],"author":"Shaun Conway","twitter_card":"summary_large_image","twitter_creator":"@D2NA","twitter_site":"@D2NA","twitter_misc":{"Written by":"Shaun Conway","Estimated reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.d2na.com\/index.php\/2026\/07\/15\/a-focus-on-penetration-testing-part-2\/#article","isPartOf":{"@id":"https:\/\/www.d2na.com\/index.php\/2026\/07\/15\/a-focus-on-penetration-testing-part-2\/"},"author":{"name":"Shaun Conway","@id":"https:\/\/www.d2na.com\/#\/schema\/person\/624fbd3965489b22f6dcfc6d7eb4fb36"},"headline":"A Focus on Penetration Testing &#8211; Part 2","datePublished":"2026-07-15T08:39:00+00:00","dateModified":"2026-07-15T10:47:47+00:00","mainEntityOfPage":{"@id":"https:\/\/www.d2na.com\/index.php\/2026\/07\/15\/a-focus-on-penetration-testing-part-2\/"},"wordCount":683,"publisher":{"@id":"https:\/\/www.d2na.com\/#organization"},"image":{"@id":"https:\/\/www.d2na.com\/index.php\/2026\/07\/15\/a-focus-on-penetration-testing-part-2\/#primaryimage"},"thumbnailUrl":"https:\/\/www.d2na.com\/wp-content\/uploads\/2026\/07\/2026-07-thumb-pentestseriesp2.jpeg","keywords":["penetration testing"],"articleSection":["Blog"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/www.d2na.com\/index.php\/2026\/07\/15\/a-focus-on-penetration-testing-part-2\/","url":"https:\/\/www.d2na.com\/index.php\/2026\/07\/15\/a-focus-on-penetration-testing-part-2\/","name":"A Focus on Penetration Testing - Part 2 - D2NA","isPartOf":{"@id":"https:\/\/www.d2na.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.d2na.com\/index.php\/2026\/07\/15\/a-focus-on-penetration-testing-part-2\/#primaryimage"},"image":{"@id":"https:\/\/www.d2na.com\/index.php\/2026\/07\/15\/a-focus-on-penetration-testing-part-2\/#primaryimage"},"thumbnailUrl":"https:\/\/www.d2na.com\/wp-content\/uploads\/2026\/07\/2026-07-thumb-pentestseriesp2.jpeg","datePublished":"2026-07-15T08:39:00+00:00","dateModified":"2026-07-15T10:47:47+00:00","description":"Organisations need to think differently about penetration testing. Not as a one-off compliance activity, but as part of an ongoing assurance model that helps validate controls, evidence compliance and give leaders confidence that digital services are secure today, not just when the last test was completed.","breadcrumb":{"@id":"https:\/\/www.d2na.com\/index.php\/2026\/07\/15\/a-focus-on-penetration-testing-part-2\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.d2na.com\/index.php\/2026\/07\/15\/a-focus-on-penetration-testing-part-2\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.d2na.com\/index.php\/2026\/07\/15\/a-focus-on-penetration-testing-part-2\/#primaryimage","url":"https:\/\/www.d2na.com\/wp-content\/uploads\/2026\/07\/2026-07-thumb-pentestseriesp2.jpeg","contentUrl":"https:\/\/www.d2na.com\/wp-content\/uploads\/2026\/07\/2026-07-thumb-pentestseriesp2.jpeg","width":1200,"height":628},{"@type":"BreadcrumbList","@id":"https:\/\/www.d2na.com\/index.php\/2026\/07\/15\/a-focus-on-penetration-testing-part-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.d2na.com\/"},{"@type":"ListItem","position":2,"name":"A Focus on Penetration Testing &#8211; Part 2"}]},{"@type":"WebSite","@id":"https:\/\/www.d2na.com\/#website","url":"https:\/\/www.d2na.com\/","name":"D2NA","description":"","publisher":{"@id":"https:\/\/www.d2na.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.d2na.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/www.d2na.com\/#organization","name":"D2 Network Associates Limited","alternateName":"D2NA","url":"https:\/\/www.d2na.com\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.d2na.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/12\/Header-Logo.png","contentUrl":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/12\/Header-Logo.png","width":180,"height":60,"caption":"D2 Network Associates Limited"},"image":{"@id":"https:\/\/www.d2na.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/D2NA","https:\/\/www.linkedin.com\/company\/d2-network-associates-ltd\/"]},{"@type":"Person","@id":"https:\/\/www.d2na.com\/#\/schema\/person\/624fbd3965489b22f6dcfc6d7eb4fb36","name":"Shaun Conway","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/secure.gravatar.com\/avatar\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g","caption":"Shaun Conway"},"sameAs":["https:\/\/www.d2na.com"],"url":"https:\/\/www.d2na.com\/index.php\/author\/shaun-conway\/"}]}},"_links":{"self":[{"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/posts\/8161","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/comments?post=8161"}],"version-history":[{"count":9,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/posts\/8161\/revisions"}],"predecessor-version":[{"id":8187,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/posts\/8161\/revisions\/8187"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/media\/8157"}],"wp:attachment":[{"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/media?parent=8161"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/categories?post=8161"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/tags?post=8161"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}