Penetration Testing

A penetration test, or "pen test," is the easiest, most effective way to demonstrate that exploitable vulnerabilities in your Internet-facing resources are adequately patched, and that you have appropriate technical security controls in place to help protect against cyber intrusions.
 
We can help you find and patch your vulnerabilities before someone else finds the holes in your defenses. We will test against everything—including the most recent types of attacks—and present the vulnerabilities, risks, and recommendations for remediation in an easy-to-understand "traffic light" report, so that you can make practical decisions based on hard facts.
 

Technical security testing solutions:

Our fixed-price or custom technical security tests (penetration tests) deliver cost-effective solutions that will help you meet every testing requirement and budget. As a CREST member company, our qualified and knowledgeable penetration testers can assure you of the rigorous standards we employ.

 

Penetration testing: An essential business investment

Regular vulnerability scanning and penetration testing of all Internet-facing resources is now an essential business investment.
  1. Increasingly complex software on websites and networks means there are more and more security "holes."
  2. More people being involved in security research means that exploitable holes are discovered and publicized more quickly, so these vulnerabilities can become serious liabilities within hours of their existence being publicized.
  3. The massive rise in indiscriminate and automated botnet, DDoS (distributed denial-of-service), SQL injection, and cross-site scripting attacks puts all Internet-facing resources at direct risk of compromise.
  4. Any successful cyber intrusion will lead to significant remediation costs, on top of downtime and lost productivity, and before factoring in reputation damage, compliance breach costs, and legal actions.

How do penetration tests work?

Pen testing involves a controlled attack on a network or specific device to discover vulnerabilities. The typical penetration test is conducted by an experienced "ethical hacker"—someone who specializes in breaking into systems but who does so with the permission of the system owner.

In a world where attacks on networks and applications are growing in number, and the penalties incurred by organizations for failing to defend against such attacks are becoming ever steeper, effective pen testing is the only way of establishing that your networks and applications are truly secure.

Why should you conduct a regular penetration test?

You should conduct penetration tests on at least a quarterly basis in order to:

  1. Find weaknesses in your information security system before someone else does, identifying vulnerabilities and quantifying their impact and likelihood of being exploited
  2. Produce evidence in the form of reports for managers, showing that your security measures are adequate and working—and demonstrating that your IT expenditure is appropriate and cost-effective
  3. Ensure compliance with critical standards such as the PCI DSS and ISO 27001, and with the requirements of HIPAA and other relevant privacy legislation/regulations
  4. Provide assurance to customers, both in a B2C and B2B context, that their data is being protected and that your organization is not a weak link in their information security chain

ISO 27001 and penetration testing

Penetration testing is an essential component in any ISO 27001 information security management system (ISMS)—from initial development through to ongoing maintenance and continual improvement.

How does penetration testing fit into your ISO 27001 ISMS project? There are three specific points in your ISMS project at which penetration testing has a significant contribution to make:

  • As part of the risk assessment process: uncover vulnerabilities in any Internet-facing IP addresses, web applications, or internal devices and applications, and link them to identifiable threats
  • As part of the risk treatment plan: ensure that controls that are implemented actually work as designed
  • As part of the ongoing corrective action/preventive action (CAPA) and continual improvement processes: ensure that controls continue to work as required, and that new and emerging threats and vulnerabilities are identified and dealt with

15 reasons to choose IT Governance:

  1. We uniquely offer a combination of fixed-price and custom penetration testing solutions.
  2. Our clients benefit from the vast knowledge and deep experience of our penetration testing team.
  3. We are a CREST member company, which means that clients can rest assured in the knowledge that the work will be carried out to rigorous standards by qualified and knowledgeable individuals.
  4. Our clients are involved in a detailed consultation session prior to any testing to identify the depth and breadth of the tests required.
  5. Our penetration tests combine a number of automated vulnerability scans with a range of advanced manual tests by expert in-house penetration testers.
  6. We apply multiple tools and techniques that are closely aligned with the Open Source Security Testing Methodology Manual (OSSTMM) and OWASP.
  7. The technical advice and solutions we provide are vendor-neutral, meaning we work with our clients’ available resources wherever possible.
  8. Our clients receive comprehensive information security advice based on our extensive expertise, helping companies implement and achieve compliance with ISO 27001 and the PCI DSS (we are a PCI QSA company).
  9. We can assist our clients with the development of appropriate policies and procedures, staff training, business case development, or the implementation of an information security management system (ISMS).
  10. Clients receive immediate notification about any critical vulnerabilities identified to let them take action quickly.
  11. We provide a comprehensive technical report identifying potential vulnerabilities and recommended remedial activities for each vulnerability identified.
  12. When a remedial activity has been completed, we recommend that the original testing is repeated to ensure that the system is now fully secure.
  13. An executive summary accompanies the technical report, explaining the identified potential vulnerabilities and their risks and issues in clear, non-technical terms.
  14. All of our solutions are designed to offer smaller organizations a cost-effective method of testing their network's security.
  15. We can offer repeat penetration testing packages, or combined penetration testing and PCI DSS compliance packages, at a significant discount.