What is a penetration test?

A Penetration Test, also known as a Pen Test, involves our CREST accredited testers using the same tools and expertise that career criminals and hackers would use to simulate an attack on your organisation.

The purpose of a Penetration Test is to identify vulnerabilities that could be exploited. It is the most effective way of showing how attackers could breach your organisation, how it could impact you and the likelihood of it actually occurring.

Aside from discovering vulnerabilities before criminals do, there are other benefits to a Penetration Test. Regular Penetration Tests are required by some industries to comply with security standards and help you avoid fines involved with non-compliance. Some businesses will also require you to demonstrate that you have this compliance in place before they will work with you.

Want to learn more?

How can a Penetration Test help my business?

Discover how your organisation’s weaknesses could be breached through authorised simulated cyberattacks. Our CREST certified ethical hacker will scrutinise your systems in the same way that cybercriminals do, so that you know what remedial actions to take to protect your business.

What’s involved in a Penetration Test?

There are three types of penetration test available to you:

  • Network and infrastructure – this is a test of your external facing IP’s, router firewalls, email servers and other ports and also covers your endpoints, servers and access points
  • Applications – this is a test on your websites, CRM, login systems, intranet and mobile applications and other applications your business uses
  • Social engineering – we test this with phishing, vishing, physical entry and tactics such as USB drops

Learn more, download our fact sheet

You will be asked to provide contact details before you can access the downloadable file above.

3 Core Phases of Penetration Testing

Each and every Penetration Test we carry out will differ depending on a) the system being tested, and b) your individual business needs. We follow a proven methodology so as to maintain a consistent set of results.

This includes 3 core phases:

  • Planning & Investigation

This phase will involve planning and gathering intelligence which will help us identify how we’ll be targeting our simulated attacks, and will include mapping high value assets such as employee, customer and technical data, as well as internal and external threats.

  • Exploitation of vulnerabilities

With a map of all possible vulnerabilities, we’ll then begin the simulated tests on your entry points. Our goal will be to see how far we can get into your environment, identify any high-value targets, and avoid detection.

  • Analysis and reporting

While Penetration Testing is a complex activity, our analysis and reporting isn’t. We’ll highlight security vulnerabilities and areas that could be exploited. We’ll also provide guidance on remediation, with a clear focus on preventative countermeasures.

Ready to talk?

Cyber Security Overview

The only way to protect your business of tomorrow is to take full control of your Cyber Security today, speak to our experts.

Gap Analysis

The process of analysing the current state of affairs and comparing this to the ideal or desired position

Vulnerability Management

Discover, access, analyse and monitor vulnerabilities to help you prioritise fixes, eliminate blind spots and reduce risk.

Cyber Essentials

Reduce your cyber risk with cyber essentials by up to 80% by ensuring your business is following best practice.

Cyber Security Case Studies

Learn how we've implemented Cyber Security strategy, projects and services for clients across the UK.