Combined Infrastructure and Web Application Penetration Test

SKU: 4452
Format: 1-year service
Format: 2-year service (includes 5% discount)
Format: 3-year service (includes 10% discount)

Our combined infrastructure and web application penetration test helps to identify potential vulnerabilities in your infrastructure, websites, and web applications.

This fixed-price penetration test, conducted by our CREST-accredited team, includes recommendations to improve your network security, enabling you to comply with client requests and facilitate compliance with ISO 27001. 

COVID-19: remote delivery options

We would like to reassure our clients that all training and consultancy services will go ahead as scheduled during the current COVID-19 situation. As a company that fully embraces flexible and remote working, we are adjusting our delivery methods to allow us to provide consultancy services, penetration tests and training remotely where necessary. Please also refer to our COVID-19 policy.

Buy now, pay later! Enjoy the benefits of paying by purchase order with an IT Governance corporate account. Apply online today or call our service center team on +1 877 317 3454.

Price: $7,000.00


Your challenge

Penetration testing is a best practice component of any ISO 27001-compliant information security management system (ISMS), from initial development to ongoing maintenance and continual improvement.

Control A.12.6.1 of ISO 27001:2013 specifies that “Information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organization's exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk.” A vulnerability assessment or penetration test is the best method for identifying these vulnerabilities in systems, infrastructure, and web applications. By conducting this test, you can:

  • avoid damaging your brand’s reputation with the bad publicity associated with a security compromise
  • prevent breaches and subsequent regulatory fines
  • satisfy relevant regulatory requirements or legislation

Our service offering:

  • A detailed consultation session to identify the depth and breadth of the tests required (on either an internal network or external network, depending on your needs).
  • Careful scoping of the test environment to establish the exact extent of the testing exercise.
  • A range of manual tests conducted by our team of highly skilled penetration testers, using a methodology closely aligned with the Open Source Security Testing Methodology (OSSTM).
  • A series of automated vulnerability scans.
  • Immediate notification of any critical vulnerabilities to help you take action quickly.
  • A detailed technical report that identifies and explains the vulnerabilities (ranked in order of significance).
  • A list of recommended countermeasures to address any identified vulnerabilities.
  • An executive summary that explains what the risks mean in business terms.

Require a level 2 penetration test?

We’ve designed our standard packages to be easy and affordable, but if you are unsure of your requirements, or your needs are more complex and involve attempting to exploit the identified vulnerabilities, please call us to discuss. Our consultants can answer your questions and make the process painless. If you would like to talk to one of our testers or meet with them, we would be happy to arrange this for you.

Delivered as a remote service

IT Governance routinely provides this service remotely to organizations located outside of the United Kingdom. We can also offer an on-site service, but consultant expenses related to traveling, etc. will need to be absorbed as an additional cost.

Why choose us?

  • We adopt an integrated approach in line with our recognized expertise in internationally adopted standards such as ISO 27001 and ISO 9001.
  • You receive a tailored assessment that applies to your business and relevant threats, not a generic assessment of theoretical risks.
  • You work with CREST-qualified consultants experienced in infrastructure and application penetration testing.
  • We combine a number of advanced manual tests with automated vulnerability scans to ensure all critical vulnerabilities are identified.
  • You receive a clear report that prioritizes the risks relevant to your organization so you can easily remediate any vulnerabilities.


  • The price is applicable for 20 externally facing IP addresses, and a single web application and database with up to 100 static web pages, or dynamic web pages using no more than five templates, or a combination of the two.
  • Testing will be conducted with a single level of authentication provided that the pages are accessible without authentication.
  • Testing will not include file upload testing.
  • This test is available as either an internal or external test.
  • Consultant expenses related to traveling, etc. are not included in the price.
  • On-site presentation of report findings and remedial consultations can be provided upon request at an additional cost.
  • Discounts for multiple tests only apply when a two- or three-year contract is agreed at the purchase of the first test; discounts cannot be backdated. Each penetration test will be invoiced annually (in the year of the test). An invoice will be issued 28 days before the planned test.
  • The quoted price applies to testing during regular office hours. An additional charge will be incurred for tests conducted outside of regular office hours (9:00 to 17:30 GMT).
