CREST Accredited Penetration Testing

We provide a range of penetration testing and assessment services including infrastructure testing, web app testing, mobile app testing, vulnerability scanning and phishing assessments.

Every test is delivered by our experienced and qualified consultants whose certifications include CREST, Tigerscheme, Cyber Scheme, OSCP, GWAPT and CISSP.

All testing is followed by a detailed but easy to understand report, a debrief call and a free retest once you’ve remediated the issues we’ve identified.

  • CREST Accredited for Penetration Testing Services
  • CREST, Tigerscheme, Cyberscheme & OSCP Testers
  • Best Practice Testing Methodologies
  • Detailed Test Report & Remediation Guidance
  • Call to Discuss Findings & Recommendations
  • Free Retest for┬áRemediated Vulnerabilities
  • Affordable Rates & Flexible Engagements

Contact us for information and pricing.

03330 500 111

Our Penetration Testing Services

Our Approach

Initial Scoping & Quote

Step 1

We’ll discuss your testing objectives with you, confirm the scope and provide you with our recommendations and a quote for testing. We can provide one-off testing or managed testing service provided on a continuous basis.

Statement of Work

Step 2

If the quote is acceptable, we will sign an NDA with you and gather the details required to create a statement of work, this will set out all the details relating to the test, including the agreed scope, contacts during testing, your agreement to test and the contract terms relating to the testing services.

Perform Testing Work

Step 3

Penetration testing will be carried out by our Tigerscheme and Cyberscheme qualified experts. Our testers will be available to you throughout the testing work and will contact you if they identify any critical vulnerabilities or issues that arise.

Report Write Up

Step 4

When testing is complete we’ll prepare our report. This will set out an executive summary and our assessment of the risk to your organisation together with a technical report setting out details of vulnerabilities identified, their severity and our recommendations for fixing the issues. The report will be peer-reviewed and sent to you securely.

Client Review Call

Step 5

Once you have the report, we’ll arrange a review call with you to discuss our findings and recommendations and to answer any questions you might have. We’ll remain available to you after the review call to answer any follow-up queries that might arise later.

Free Retest

Step 6

Once you’ve remediated the vulnerabilities identified during the test, we’ll retest them for you and issue an updated report at no extra cost.

Our Qualifications

Pen Test Certs

About Us

Evalian provides penetration testing services, security assessment and data protection to organisations of all sizes in the UK and globally.

Our experienced team work from offices in London, Dublin Southampton and Manchester and remotely across the UK. We are certified to ISO 27001 and ISO 9001 and CREST accredited for penetration testing services.

If you need a quote, example reports, or just want some advice we’d be pleased to help. Contact us today for more information.

Learn More

Guide: Penetration Testing

So what is a penetration test? Our guide to pen testing gives an extensive view of the process and highlights the benefits of securing your network and systems.

Blog: What is a Penetration Test?

To gain a brief insight into penetration testing services, Evalian consultant, Nelson Santos explains why penetration testing is necessary for small and large businesses alike.

Frequently Asked Questions

What exactly is penetration testing?

A penetration test is a manual security assessment of your network, systems or applications using the same techniques and tactics that an attacker would use to compromise your systems or data. The tester identifies the vulnerabilities that an attacker would seek to exploit and advises on the steps required to fix them to make your systems more secure. You can learn more in our detailed Guide to Penetration Testing.

What should be tested?

The scope of the test depends on a number of factors, including your IT architecture, the data you hold, your reasons for being tested and your budget. If you want to ensure that your most sensitive information is secure, start with systems that store this data. This could be internal file servers (an infrastructure test would be a good start) or internet-facing applications (a web application test would make sense) for example. We can help you scope the test you need. Contact us and we’d be happy to talk through the options and make recommendations.

How do we arrange a penetration test?

The starting point is a discussion to scope your test requirements and understand your objectives. We’ll then provide you with a quote. If you choose to proceed, we’ll enter into an NDA with you and gather more detailed scoping information about the target systems to be tested (typically system IP addresses or URLs for web applications). We’ll use this information to create the Statement of Work (SoW) which we’ll ask you to sign to authorise us to carry out the tests on the agreed dates. Once the SoW is signed we’ll be able to start the tests and we will stay in touch with you through the process.

What is covered in the penetration test report?

Your report will consist of a management summary, test information, test summary and a detailed technical report. The management summary provides an overview of the test, our recommendations and our assessment of your security risk. The remainder of the report sets out the details of the test, our findings and recommendations, including supporting evidence and links to additional materials. The report is written in plain English and is accompanied by a debrief call, during which we’ll discuss our findings and recommendations and answer any questions that you have.

When will we receive the penetration report?

We provide our report within seven days of completing the test. During this period, the tester analyses the test results and writes up the report, which is then peer-reviewed by the Testing Practice Lead. Following peer review, a quality assurance review is carried out and the report is authorised for release by a Director.


Want to Discuss Penetration Testing?

Contact us now for a friendly, no-obligation discussion or to request more information about our penetration testing services and security assessment services. We support clients across the UK and globally.

Contact Us