CREST Accredited Penetration Testing Services
Our Penetration Testing services are performed by UK-based, CREST-accredited and highly qualified penetration testing consultants.
Affordable rates
& fixed price
proposals
Highly qualified pen
testing consultants
Free retesting when
vulnerabilities have been fixed
CREST, ISO 9001,
ISO 27001 & Cyber Essentials Plus
Your named pen tester will test your internal and external network, using both in-depth manual and automated scanning to enable you to detect and respond to security vulnerabilities.
We’ll discuss your testing objectives with you, confirm the testing scope and provide you with our recommendations and a quote for testing. We can provide one-off testing or a managed testing service on a continuous basis.
If the quote is acceptable, we will sign an NDA with you and gather the details required to create a statement of work. This will set out all the details relating to the test, including the agreed scope, contacts during testing, your agreement to test and the contract terms relating to the testing services.
Penetration testing will be carried out by our Tigerscheme and Cyberscheme qualified experts. Our testers will be available to you throughout the testing work and will contact you if they identify any critical vulnerabilities or issues that arise.
When testing is complete we’ll prepare our pen test report. This will set out an executive summary and our assessment of the risk to your organisation together with a technical report setting out details of the vulnerabilities identified, their severity and our recommendations for fixing the issues. The report will be peer-reviewed and sent to you securely.
Once you have the report, we’ll arrange a review call with you to discuss our findings and recommendations and to answer any questions you might have. We’ll remain available to you after the review call to answer any follow-up queries that might arise later.
Once you’ve remediated the vulnerabilities identified during the test, we’ll retest them for you and issue an updated report at no extra cost.
Our security experts are highly qualified and experienced in testing, information security, delivering social engineering awareness training and related fields. Our consultants hold certifications from CREST (for Pen Testing, Vulnerability Scanning and OVS), Cyber Scheme, Offensive Security, SANS, ISC2 and IASME.
We promise a high-quality pen test service, with open communication and real-world advice with no hard sell.
Need some help understanding the information on this form? Visit our guide to scoping a penetration test.
Want to know what to expect when it comes to the cost of a penetration test? Read our comprehensive guide to understanding penetration testing costs.
Confused about where to start when scoping your penetration testing requirements? We've got you covered.
Download our FREE guide to penetration testing here.
Four steps to choosing the right pen test partner for your organisation.
Our qualified penetration testers will write up a technical penetration testing report setting out details of any vulnerabilities identified, their severity and recommendations for fixing the issues. Reports are written in easy-to-understand language and a debrief call will be arranged with your consultant.
Contact us now for a friendly, no-obligation discussion with one of our expert penetration testing consultants, and to request more information about our penetration testing services and security assessment services. We support clients across the UK and globally.
ContactA penetration test is a manual security assessment of your network, systems or applications using the same techniques and tactics that an attacker would use to compromise your systems or data. The tester identifies the vulnerabilities that an attacker would seek to exploit and advises on the steps required to fix them to make your systems more secure. You can learn more in our detailed Guide to Penetration Testing.
Using a company that has CREST accreditation to carry out security assessments and penetration testing gives you the confidence that the quality of the services and the technical capability and skills of the consultants you have access to are of an internationally recognised high standard. Using a CREST-certified pen test professional ensures you are being provided with reputable services and testers who are highly skilled, knowledgeable, competent and able to find not only the commonly found vulnerabilities within an infrastructure but also the really difficult-to-find vulnerabilities.
The scope of the test depends on a number of factors, including your IT architecture, the data you hold, your reasons for being tested and your budget. If you want to ensure that your most sensitive information is secure, start with systems that store this data. This could be internal file servers (an infrastructure test would be a good start) or internet-facing applications (a web application test would make sense) for example. We can help you scope the test you need. Contact us and we’d be happy to talk through the options and make recommendations.
The starting point is a discussion to scope your test requirements and understand your objectives. We’ll then provide you with a quote. If you choose to proceed, we’ll enter into an NDA with you and gather more detailed scoping information about the target systems to be tested (typically system IP addresses or URLs for web applications). We’ll use this information to create the Statement of Work (SoW) which we’ll ask you to sign to authorise us to carry out the tests on the agreed dates. Once the SoW is signed we’ll be able to start the tests and we will stay in touch with you through the process.
Your report will consist of a management summary, test information, test summary and a detailed technical report. The management summary provides an overview of the test, our recommendations and our assessment of your security risk. The remainder of the report sets out the details of the test, our findings and recommendations, including supporting evidence and links to additional materials. The report is written in plain English and is accompanied by a debrief call, during which we’ll discuss our findings and recommendations and answer any questions that you have.
Your penetration testing consultant will provide your report within seven days of completing the test. During this period, the tester analyses the test results and writes up the report, which is then peer-reviewed by the Testing Practice Lead. Following peer review, a quality assurance review is carried out and the report is authorised for release by a Director.
The cost of hiring an external penetration testing provider can widely vary depending on a number of factors such as the type of penetration test you require, whether it is a website, a web application, a mobile application and external or internal infrastructure, the number of days needed to test, and whether you need an onsite test.
Penetration testing providers can charge anywhere between £600 to over £3000 per day. Some organisations will offer a seemingly much lower price than others – but tread lightly and do your research beforehand, there is the risk that they could solely be selling automated vulnerability scanning and not offering the full detailed assessment that manual penetration testing provides, or have “bolt-on” costs for additional aspects of a test and the price can quickly shoot up.
How can you be sure what they are offering is reasonable? Make sure you collect information on potential vendors, check credentials and find evidence of reviews and case studies. To learn more about penetration pricing, read our comprehensive guide to penetration testing costs in the UK.
On the surface, a red team assessment looks similar to a penetration test, but it goes further.
Where penetration testing is a type of security assessment, using a combination of tools and manual exploit techniques to identify vulnerabilities within your IT infrastructure, a red team assessment mimics a real-life attacker, without time limitations using tactics, techniques and tools together to access systems or data.
Read more in our extensive blog: Pen Testing vs Red Team Testing