Penetration Testing

What is penetration testing?

Penetration testing (often referred to as pentesting) is a systematic process of probing for vulnerabilities in your applications and networks. It is essentially a controlled form of hacking in which the ‘attackers’ operate on your behalf to find your organization’s weaknesses. In the US, many organizations use penetration testing to simulate hacker attacks.

The pentesting process involves assessing your chosen systems for any potential weaknesses that could result from poor or improper system configuration, known and unknown hardware or software flaws, and operational weaknesses in process or technical countermeasures.

An experienced penetration tester can mimic the techniques used by criminals without causing damage. These tests are usually conducted outside business hours or when networks and applications are least used, thereby minimizing the impact on everyday operations.

To find out more about our pentesting services, get in touch with one of our experts today. 

No organization is immune to cyber attacks

Not protecting your organization’s systems puts them at risk of cyber attacks that can disrupt your business, cause reputational damage and result in hefty fines. 

Why conduct a penetration test?

An organization should carry out a penetration test:

“IT Governance combines the delivery of real insights with a cost-effective service.” 

Ian Kilpatrick, Group Information Security Officer at Collinson Group

Different types of penetration test

Broadly speaking, there are four types of penetration test, each focusing on a particular aspect of an organization’s logical perimeter.

Network (or infrastructure) penetration test


The objective of network pentesting is to identify security vulnerabilities in how an organization connects with the Internet and other external systems. This includes servers, hosts, devices and network services. If an organization’s interfaces are not designed correctly, criminals will be able to enter the network and perform malicious activities. 

Common security issues

  • Unpatched operating systems, applications and server management systems. 
  • Misconfigured software, firewalls and operating systems. 
  • Unused or insecure network protocols.

Web application penetration test


The objective of web application pentesting is to identify security issues resulting from insecure development practices in the design, coding and publishing of software. Applications are a vital business function for many organizations as they are used to process payment card data, sensitive personal data and/or proprietary data.

Common security issues

  • The potential for injection (the lack of validation allows attackers to control the user’s browser). 
  • Privilege escalation (users have access to more parts of the site or application than they should). 
  • Cross-site scripting.

Wireless network penetration test


The objective of wireless network pentesting is to detect access points and rogue devices in an organization’s secured environment. 

Common security issues

  • Rogue or open access points. 
  • Misconfigured or accidentally duplicated wireless networks. 
  • Insecure wireless encryption standards, such as WEP (Wired Equivalent Privacy). 

Simulated phishing test


The objective of phishing and social engineering pentesting is to assess employees’ susceptibility to breaking security rules or giving access to sensitive information. 

Common security issues

  • Susceptibility to phishing emails. 
  • A willingness to hand over sensitive information to people without knowing who they are. 
  • Giving people physical access to a restricted part of the organization.

What will I find in my penetration test report?

A penetration test performed by IT Governance USA will, on average, identify 3 critical, 8 high-, 43 medium- and 11 low-risk findings per report.




  • Critical (3 findings): The threat agent could gain full control over the system or application, or render it unusable by legitimate users, by using well-known methods and exploits.
  • High (8 findings): The threat agent could gain full control over the system or application or render it unusable by legitimate users.
  • Medium (43 findings): The threat agent could gain some level of interactive control or access to data held on the system.
  • Low (11 findings): The threat agent could gain information about the systems, which could be used to facilitate further access.


Free download – Assured Security: Getting cyber secure with penetration testing

This free green paper will teach you how to keep your business secure and safe from cyber attacks with cost-effective penetration testing.


  • What penetration testing is
  • How penetration testing works
  • The types of vulnerabilities that can go undetected
  • Why penetration tests are the best solution to uncovering vulnerabilities before criminals do
  • The difference between network and web application tests

Speak to an expert

For more information and guidance on penetration testing or the packages IT Governance offers, please contact our experts, who will be able to discuss your organization’s needs further.
