& fixed price
UK based, highly qualified &
Free retesting when
vulnerabilities have been fixed
CREST, ISO 9001,
ISO 27001 & Cyber Essentials Plus
External and internal infrastructure
Website and web app
testing to OWASP
iOS and Android app
testing to OWASP
API functionality and
Citrix and remote desktop
One-off or managed
Firewall and OS
tests and campaigns
Our penetration testing team includes CREST certified testers with accreditations such as Cyber Scheme Team Leader (CSTL), Offensive Security Certified Professional (OSCP) and Qualified Security Team Member (QTSM) as well as certifications in CISSP, OSCP, GWAPT and CISA.Our Consultants
We can also offer you the opportunity to include specialist cyber security support such as outsourced security management, Cyber Essentials and Cyber Essentials Plus Certification & ISO 27001 readiness.Cyber Security Services
Keep up to date with the latest cyber security news, trends, and follow our latest insights and advice for improving your organisation's security posture with regular blog posts from our penetration testing and cyber security specialists.Evalian Blog
Download our latest guides on topics such as penetration testing, supply chain security, Cyber Essentials and much more. We aim to arm you with the knowledge you need to make informed decisions about which of our services best suits your organisation.Guides
We’ll discuss your testing objectives with you, confirm the scope and provide you with our recommendations and a quote for testing. We can provide one-off testing or a managed testing service on a continuous basis.
If the quote is acceptable, we will sign an NDA with you and gather the details required to create a statement of work. This will set out all the details relating to the test, including the agreed scope, contacts during testing, your agreement to test and the contract terms relating to the testing services.
Penetration testing will be carried out by our Tigerscheme and Cyberscheme qualified experts. Our testers will be available to you throughout the testing work and will contact you if they identify any critical vulnerabilities or issues that arise.
When testing is complete we’ll prepare our report. This will set out an executive summary and our assessment of the risk to your organisation together with a technical report setting out details of vulnerabilities identified, their severity and our recommendations for fixing the issues. The report will be peer-reviewed and sent to you securely.
Once you have the report, we’ll arrange a review call with you to discuss our findings and recommendations and to answer any questions you might have. We’ll remain available to you after the review call to answer any follow-up queries that might arise later.
Once you’ve remediated the vulnerabilities identified during the test, we’ll retest them for you and issue an updated report at no extra cost.
Your tester will be highly qualified and experienced in testing, information security and related fields. Our consultants hold certifications from CREST, Tigerscheme, Cyber Scheme, Offensive Security, SANS, ISC2 and IASME.
We promise open communication and real-world advice with no hard sell.REQUEST YOUR QUOTE
A penetration test is a manual security assessment of your network, systems or applications using the same techniques and tactics that an attacker would use to compromise your systems or data. The tester identifies the vulnerabilities that an attacker would seek to exploit and advises on the steps required to fix them to make your systems more secure. You can learn more in our detailed Guide to Penetration Testing.
The scope of the test depends on a number of factors, including your IT architecture, the data you hold, your reasons for being tested and your budget. If you want to ensure that your most sensitive information is secure, start with systems that store this data. This could be internal file servers (an infrastructure test would be a good start) or internet-facing applications (a web application test would make sense) for example. We can help you scope the test you need. Contact us and we’d be happy to talk through the options and make recommendations.
The starting point is a discussion to scope your test requirements and understand your objectives. We’ll then provide you with a quote. If you choose to proceed, we’ll enter into an NDA with you and gather more detailed scoping information about the target systems to be tested (typically system IP addresses or URLs for web applications). We’ll use this information to create the Statement of Work (SoW) which we’ll ask you to sign to authorise us to carry out the tests on the agreed dates. Once the SoW is signed we’ll be able to start the tests and we will stay in touch with you through the process.
Your report will consist of a management summary, test information, test summary and a detailed technical report. The management summary provides an overview of the test, our recommendations and our assessment of your security risk. The remainder of the report sets out the details of the test, our findings and recommendations, including supporting evidence and links to additional materials. The report is written in plain English and is accompanied by a debrief call, during which we’ll discuss our findings and recommendations and answer any questions that you have.
We provide our report within seven days of completing the test. During this period, the tester analyses the test results and writes up the report, which is then peer-reviewed by the Testing Practice Lead. Following peer review, a quality assurance review is carried out and the report is authorised for release by a Director.
Trusted by clients from across numerous sectors, including businesses, charities and public sector organisations
Contact us now for a friendly, no-obligation discussion or to request more information about our penetration testing services and security assessment services. We support clients across the UK and globally.Contact