---
title: "Third-Party Penetration Testing"
type: concept
tags:
  - Security
  - Testing
  - Penetration-Testing
  - Red-Team
last_updated: 2026-04-14
---

# Third-Party Penetration Testing

## Definition
由独立第三方安全机构执行的渗透测试和红队演练，用于客观评估组织的安全态势，发现内部视角可能忽略的漏洞。

## Components
- **年度第三方测试**：由独立机构执行年度安全评估
- **桌面演练（Tabletop Exercises）**：模拟安全事件和违规场景，测试响应流程
- **红队演练（Red Team Exercises）**：在事先不知情的情况下评估组织安全
- **高级威胁评估（Advanced Threat Assessments）**
- **内部/第三方渗透测试**：定期进行，发现技术漏洞
- **客户审计（Customer Audits）**：有时会引发补救活动

## Key Metrics
- 桌面演练：测试事件和违规准备就绪程度
- 红队演练：在无预警情况下测试组织安全
- OpenText 持续在第三方测试中处于"顶级梯队"

## Key Quote
> "OpenText conducts annual third-party tests, including tabletop exercises for incident and breach readiness, consistently scoring in the top tier." — GIS Team

## Connections
- [[ISO-27001]]：框架要求
- [[Global Information Security Policy (GISP)]]：政策支撑
- [[Threat-Intelligence]]：结合使用
- [[OpenText]]：实施组织