workflow:penetration-testing-cycle
Penetration Testing Cycle overview
Semi-annual workflow where authorised security professionals attempt to compromise production or staging systems to identify exploitable vulnerabilities before malicious actors do. The cycle begins with scoping — defining targets, rules of engagement, and success criteria with security and legal stakeholders. An external penetration testing firm or internal red team conducts the test over a defined window using agreed methodologies. Findings are documented in a penetration test report with severity ratings, proof-of-concept evidence, and remediation guidance. Engineering teams prioritise and remediate findings, and a retest validates critical fixes. Results inform the vulnerability management programme and security roadmap.
Attributes
Outgoing edges
- domain:cybersecurity · Domain · Cybersecurity
- domain:networking · Domain · Networking
- role:security-engineer · Role · Security Engineer
- role:compliance-officer · Role · Compliance Officer
- role:engineering-manager · Role · Engineering Manager
- role:legal-counsel · Role · Legal Counsel
- role:audit-analyst · Role · Audit Analyst
- responsibility:security-audit · Responsibility
- responsibility:risk-assessment · Responsibility · Risk Assessment
- responsibility:compliance-monitoring · Responsibility · Compliance Monitoring
- responsibility:vendor-evaluation · Responsibility · Vendor Evaluation
Incoming edges
- lib-agent:security-research--cloud-security-researcher · LibraryAgent · cloud-security-researcher
- lib-agent:security-research--ctf-creator · LibraryAgent · CTF Challenge Creator Agent
- lib-agent:security-research--exploit-developer · LibraryAgent · Exploit Developer Agent
- lib-agent:security-research--fuzzing-engineer · LibraryAgent · fuzzing-engineer
- lib-agent:security-research--hardware-security-researcher · LibraryAgent · hardware-security-researcher
- lib-agent:security-research--malware-analyst · LibraryAgent · Malware Analyst Agent
- lib-agent:security-research--mobile-researcher · LibraryAgent · Mobile Security Researcher Agent
- lib-agent:security-research--purple-team-coordinator · LibraryAgent · Purple Team Coordinator Agent
- lib-agent:security-research--red-team-operator · LibraryAgent · Red Team Operator Agent
- lib-agent:security-research--reverse-engineer · LibraryAgent · Reverse Engineer Agent
- lib-agent:security-research--security-report-writer · LibraryAgent · Security Report Writer Agent
- lib-agent:security-research--smart-contract-auditor · LibraryAgent · Smart Contract Auditor Agent
- lib-agent:security-research--threat-intel-analyst · LibraryAgent · Threat Intelligence Analyst Agent
- lib-agent:security-research--vuln-researcher · LibraryAgent · Vulnerability Researcher Agent
- lib-agent:security-research--web-security-researcher · LibraryAgent · Web Security Researcher Agent
- lib-skill:security-research--aiml-security · LibrarySkill · aiml-security
- lib-skill:security-research--binary-exploitation · LibrarySkill · Binary Exploitation Skill
- lib-skill:security-research--burp-websec · LibrarySkill · Burp Suite/Web Security Skill
- lib-skill:security-research--cloud-security-testing · LibrarySkill · cloud-security-testing
- lib-skill:security-research--debugger-integration · LibrarySkill · Debugger Integration Skill
- lib-skill:security-research--fuzzing-ops · LibrarySkill · Fuzzing Operations Skill
- lib-skill:security-research--ghidra-ida-re · LibrarySkill · Ghidra/IDA Reverse Engineering Skill
- lib-skill:security-research--hardware-security · LibrarySkill · hardware-security
- lib-skill:security-research--incident-forensics · LibrarySkill · incident-forensics
- lib-skill:security-research--mitre-attack · LibrarySkill · MITRE ATT&CK Skill
- lib-skill:security-research--mobile-security · LibrarySkill · Mobile Security Testing Skill
- lib-skill:security-research--offensive-security · LibrarySkill · Offensive Security Skill
- lib-skill:security-research--protocol-analysis · LibrarySkill · Network Protocol Analysis Skill
- lib-skill:security-research--pwntools-exploit · LibrarySkill · Pwntools Exploitation Skill
- lib-skill:security-research--security-sandbox · LibrarySkill · security-sandbox
- lib-skill:security-research--smart-contract-analysis · LibrarySkill · Smart Contract Analysis Skill
- lib-skill:security-research--static-analysis-tools · LibrarySkill · Static Analysis Tools Skill
- lib-skill:security-research--stix-taxii · LibrarySkill · STIX/TAXII Intelligence Skill
- lib-skill:security-research--yara-rules · LibrarySkill · YARA Rules Skill