Skip to Main Content
Important information: Potential delay on shipment of physical goods. Read more
Combined Infrastructure and Web Application Penetration Test

Combined Infrastructure and Web Application Penetration Test

SKU: 4452
Format: Year 1

IT Governance’s combined infrastructure and web application penetration test helps to identify potential vulnerabilities in your infrastructure, websites and web applications. This fixed-price penetration test, conducted by our CREST-accredited team, includes recommendations to improve your network security, enabling you to comply with client requests and facilitate compliance with ISO 27001.

Buy now, pay later! Enjoy the benefits of paying by purchase order with an IT Governance corporate account.  Apply online today or call our service centre team on 00 800 48 484 484.

Preis: 5.200,00 €
Ohne Mehrwertsteuer


Your challenge

Penetration testing is a best practice component of any ISO 27001-compliant information security management system (ISMS), from initial development to ongoing maintenance and continual improvement.

Control A.12.6.1 of ISO 27001:2013 specifies that “Information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organization's exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk.” A vulnerability assessment or penetration test is the best method for identifying these vulnerabilities in systems, infrastructure and web applications. By conducting this test, you can:

  • Avoid damaging your brand’s reputation with the bad publicity associated with a security compromise
  • Prevent breaches and subsequent regulatory fines
  • Satisfy relevant regulatory requirements or legislation

Our service offering:

  • A detailed consultation session to identify the depth and breadth of the tests required (on either an internal network or external network, depending on your needs).
  • Careful scoping of the test environment to establish the exact extent of the testing exercise.
  • A range of manual tests conducted by our team of highly skilled penetration testers, using a methodology closely aligned with the Open Source Security Testing Methodology (OSSTM).
  • A series of automated vulnerability scans.
  • Immediate notification of any critical vulnerabilities to help you take action quickly.
  • A detailed technical report that identifies and explains the vulnerabilities (ranked in order of significance).
  • A list of recommended countermeasures to address any identified vulnerabilities.
  • An executive summary that explains what the risks mean in business terms.

Are you interested in an advanced level 2 penetration test?

You are just a click away from purchasing. We’ve designed our standard packages to be easy and affordable. However, if you are unsure of your requirements, or your needs are more complex and involve attempting to exploit the identified vulnerabilities, please call us to discuss. Our consultants can answer your questions and make the process painless. If you would like to talk to one of our testers, or even meet with them, then we would be happy to arrange this for you.

Contact us

Why choose us?

  • We adopt an integrated approach in line with our recognised expertise in internationally adopted standards such as ISO 27001 and ISO 9001.
  • You receive a tailored assessment that applies to your business and relevant threats, not a generic assessment of theoretical risks.
  • You work with CREST-qualified consultants experienced in infrastructure and application penetration testing.
  • We combine a number of advanced manual tests with automated vulnerability scans to ensure all critical vulnerabilities are identified.
  • You receive a clear report that prioritises the risks relevant to your organisation so you can easily remediate any vulnerabilities.


  • The price is applicable for 20 externally facing IP addresses, and a single web application and database with up to 100 static web pages, or dynamic web pages using no more than five templates, or a combination of the two.
  • Testing will be conducted with a single level of authentication provided that the pages are accessible without authentication.
  • Testing will not include file upload testing.
  • This test is available as either an internal or external test.
  • Consultant expenses related to travelling, etc. are not included in the price.
  • On-site presentation of report findings and remedial consultations can be provided upon request at an additional cost.
  • Discounts for multiple tests only apply when a two- or three-year contract is agreed at the purchase of the first test; discounts cannot be backdated. Each penetration test will be invoiced annually (in the year of the test). An invoice will be issued 28 days before the planned test.
  • The quoted price applies to testing during regular office hours. An additional charge will be incurred for tests conducted outside of regular office hours (9:00 to 17:30 GMT).


(0# der Bewertungen:)
This website uses cookies. View our cookie policy.