FIRST THINGS FIRST
What is a penetration test?
A Penetration Test, also known as a Pen Test, involves our CREST accredited testers using the same tools and expertise that career criminals and hackers would use to simulate an attack on your organisation.
The purpose of a Penetration Test is to identify vulnerabilities that could be exploited. They’re the most effective way of showing how attackers could breach your organisation, how it could impact you and the likelihood of it actually occurring.
Aside from discovering vulnerabilities before criminals do, there are other benefits to a pen test. Regular pen tests are required by some industries to comply with security standards and help you avoid fines for with non-compliance. Some businesses will also require you to demonstrate that you have this compliance in place before they will work with you.
What’s involved in a Penetration Test?
There are three types of penetration test available to you:- Network and infrastructure - this is a test of your external facing IP's, router firewalls, email servers and other ports and also covers your endpoints, servers and access points
- Applications - this is a test on your websites, CRM, login systems, intranet and mobile applications and other applications your business uses
- Social engineering - we test this with phishing, vishing, physical entry and tactics such as USB drops
Each and every Penetration Test we carry out will differ depending on a) the system being tested, and b) your individual business needs. We follow a proven methodology so as to maintain a consistent set of results. This includes 3 core phases:

Phase 1
Planning & Investigation
This phase will involve planning and gathering intelligence which will help us identify how we’ll be targeting our simulated attacks, and will include mapping high value assets such as employee, customer and technical data as well as internal and external threats.

Phase 2
Exploitation of vulnerabilities
With a map of all possible vulnerabilities, we’ll then begin the simulated tests on your entry points. Our goal will be to see how far we can get into your environment, identify any high-value targets, and avoid detection.

Phase 3
Analysis and reporting
While Penetration Testing is a complex activity, our analysis and reporting isn’t. We’ll highlight security vulnerabilities and areas that could be exploited. We’ll also provide guidance on remediation, with a clear focus on preventative countermeasures.