DSO National Laboratories
Penetration Testing Guidelines for the Financial Industry
Pages: 13
Time to read: 24 mins
Publication
Language: English
This document is a set of guidelines for penetration testing tailored for Financial Institutions (FIs) in Singapore, published by the Association of Banks of Singapore. It outlines the importance of penetration testing in assessing the effectiveness of security controls to maintain the confidentiality, integrity, and availability of IT systems. The guidelines emphasize that penetration testing should not be viewed as a compliance document but rather as a framework for enhancing security practices. It details various penetration testing styles, including Blackbox, Greybox, and Whitebox testing, and describes the phases involved in penetration testing, from planning to retesting. Additionally, the document discusses the selection criteria for penetration testers and provides references to other industry standards and best practices. Overall, it serves as a comprehensive resource for FIs to develop their penetration testing strategies while ensuring alignment with regulatory expectations.