Bringing iPentest to Practice: How Manao Software Enhances Penetration Testing in Thailand 

According to Gartner, the number of buyers citing security threat management as a top business challenge has risen by 46% since 2024. One of the most effective and trusted ways to safeguard systems is penetration testing. Once limited to the banking sector, this approach—where ethical hackers simulate real-world attacks to uncover vulnerabilities—is now widely adopted across industries to proactively protect sensitive data. 

As an experienced software house serving both local and international clients, Manao Software recognises the critical role of penetration testing. We are committed to delivering services that meet global security standards, helping our clients build systems that are resilient, secure, and future-ready. 

What is penetration testing? 

Before diving into advanced topics, let’s briefly clarify what penetration testing really means—for those unfamiliar with the term. Think of it like how vaccines work: we introduce a weakened form of a disease to train the immune system to defend itself. Similarly, penetration testing involves hiring ethical hackers to “attack” a system in a controlled environment. Their goal is to uncover vulnerabilities—much like a doctor diagnosing hidden health issues. But instead of causing harm, they help identify weaknesses before a real cyberattack occurs. 

This proactive approach helps developers strengthen systems, close security gaps before deployment, and boost resilience against real-world threats. 

Thailand’s Introduction to Intelligence-Led Penetration Testing 

Since 2020, Thailand has taken significant steps toward Thailand 4.0, a vision of national digital transformation across major industries such as banking, manufacturing, education, and more. As digital adoption accelerates, the need for robust system security has become more critical than ever. This shift has brought a renewed focus on strengthening the nation’s cybersecurity landscape. 

In response, the Bank of Thailand, in collaboration with the Thailand Banking Sector – Cyber Security Coordination Center (TB-CERT), introduced iPentest—an Intelligence-Led Penetration Testing Guideline. This initiative is designed to elevate the security standards of digital systems and prepare organizations to defend against evolving cyber threats. 

What is iPentest? 

iPentest is an advanced form of penetration testing, often referred to as Red Teaming. It uses current threat intelligence to simulate real-world attack scenarios, testing not just technology but also the people and processes behind it. 

While it was originally introduced for financial institutions, iPentest is now being adopted across industries where data protection is critical. The approach provides a robust way to assess an organization’s preparedness against evolving threats. 

iPentest Principle 

iPentest penetration testing is a collaborative effort between testers, developers, and system owners. Before beginning the testing process, it’s important to establish these four key principles. 

Oversight of penetration testing 

Oversight ensures comprehensive coverage and risk prevention by clearly defining roles, responsibilities, and related processes, establishing criteria for selecting testers, and implementing strict supervision of the testing process to prevent risks that may impact business operations.

Utilizing Threat Intelligence  

The simulated scenarios should align with the risks faced by financial institutions and current cyber threat patterns to ensure the testing closely mirrors real-world situations. 

Defined plan and ensuring useful test results 

To prevent risks and minimize potential impacts during testing, stakeholders should summarize and review the test results together, as well as develop plans and set appropriate timelines for remediation. 

Presentation of test results 

The test report should include complete and detailed information and be presented to the executive committee and relevant stakeholders according to the financial institution’s IT risk reporting process. 

How iPentest Supports GDPR Compliance 

The General Data Protection Regulation (GDPR) is a comprehensive data protection and privacy law enforced across the European Union. Similar to Thailand’s Personal Data Protection Act (PDPA), GDPR sets even more detailed and stringent requirements—making compliance challenging, especially for developers and service providers based outside the EU. 

However, the adoption of iPentest in Thailand has significantly enhanced the country’s penetration testing capabilities. With this framework in place, systems developed in Thailand are better equipped to meet international security standards, including those required by GDPR. 

In particular, iPentest aligns with GDPR Article 32, which mandates the implementation of appropriate technical and organizational measures to ensure a level of security that matches the risk of processing personal data. This demonstrates how iPentest not only strengthens local cybersecurity practices but also supports global data protection compliance. 

GDPR Article 32 

Here is a brief overview of the key criteria that must be met when complying with GDPR Article 32:

  • Risk Assessment: Organizations must identify potential risks to personal data and implement measures to mitigate those risks.  
  • Technical Measures: These include implementing security controls like encryption, access controls (including multi-factor authentication), and robust incident response plans.  
  • Organizational Measures: These involve policies and procedures, such as data handling guidelines for employees, regular security audits, and staff training.  
  • Ongoing Effectiveness: Organizations must continuously test, assess, and evaluate the effectiveness of their security measures to ensure they are working as intended.  
  • Demonstrating Compliance: This can be achieved through various means, including documentation, audits, and certifications. 

By following iPentest practices, Thai-based companies like Manao Software can deliver software solutions that are GDPR-ready and globally competitive. 

Manao Software’s Commitment to Security 

Security isn’t an afterthought at Manao Software; it’s embedded into our development process from day one. With over 18 years of experience and a strong track record of international projects, we know what it takes to meet global cybersecurity expectations.

We embrace intelligence-led penetration testing (iPentest) and align our practices with frameworks like GDPR to ensure every product we deliver is secure, compliant, and reliable. 

We believe that secure software is not just a feature—it’s a foundation. 

Ready to Build Secure, Custom Software? 

If you’re looking for a trusted partner to help you develop custom software that meets international security standards, let’s talk. We’d love to help you safeguard your future, one line of code at a time. Contact Manao Software. 

Written By: Nitinon T., Mid-level Marketing Executive 
