Penetration Testing

Our CREST Accredited partners provide Penetration Testing and Security Assessments to help your organisation minimise its exposure to cyber threats.

Pen Test Scoping Exercise

Before any testing activity begins our technical team will work with you to conduct a scoping exercise which will:

  • Identify all relevant infrastructure, applications and services to be tested.
  • Determine your objectives and intended outcome of the Pen Testing exercises.
  • Minimise the disruption and risk involved in performing the Pen Testing.
  • Gather or request the information needed to carry out the Pen Testing.
  • Integrate Pen Testing into your overall and ongoing Cyber Defence Strategy.

The scoping exercise can take place on-site or remotely with input from your key interested parties.


Type of Penetration Tests

There are many types of tests and security assessments that can be conducted, depending on the infrastructure and processes you need to protect. Our experienced CREST Accredited Testers will advise you during the Scoping Exercise.

Network & IT Infrastructure

Often the most recognised type of testing, a network & IT infrastructure assessment will look for poor configuration, unpatched systems and other vulnerabilities that could be maliciously exploited to gain control of a system, or to gain access to a network from which an attacker could attempt to elevate their privileges.

Firewalls, Routers and Servers are all common public facing targets, but an assessment can also look at the network services available internally.

It’s also important to define an appropriate scope, which might cover your internal corporate network and any cloud-based or virtual infrastructure you operate. Please note that before Pen Testing a cloud platform you should confirm the arrangements with the cloud provider to minimise disruption. Our Testers can advise on the best approach for this.

Applications

Whether you have developed a bespoke application or created a system by configuring off-the-shelf packages, an application Pen Test will assess its security.

Application Pen Tests will usually cover the OWASP Top 10, a list of the most critical security vulnerabilities often found in Web Applications.

Physical Assessments

The physical security of your premises is important to the protection of your information and infrastructure, and should be included in a comprehensive testing programme.

A physical security assessment can include your access control system, reception, CCTV and general data leakage from post-it notes and staff conversations.

Tail-Gating and Locking Computer Screens are two of the Tricky ISO 27001 Controls we identified.

Social Engineering

Social Engineering is an often overlooked security threat, but it is a common method of gaining unauthorised access to a system.

Social engineering is best mitigated by a strong Information Security culture in the organisation. Our Social Engineering Assessments can include mock phishing campaigns and secret-shopper style support calls.


Overall Cyber Defence Programme with Assent

A Pen Test, or a combination of the assessments above, will provide a good baseline for your organisation to verify existing controls and treat any identified weaknesses.

However, to realise the maximum benefit and protection, Penetration Testing should be conducted regularly and as part of a Cyber Defence Programme that takes into account the organisation’s Governance, Security Culture and Technical Controls.

Contact our team to discuss how we can help.