This website uses cookies. View our cookie policy

Penetration Testing

What is penetration testing?

Penetration testing is a controlled form of ethical hacking that involves systematically testing your networks and applications for vulnerabilities that may be exploited by criminals.

Our experienced penetration testers will assess your chosen systems for potential weaknesses (such as improper system configuration or unidentified hardware/software flaws) by simulating attacks and techniques used by criminals without causing damage. 

We can perform penetration tests outside business hours, or when your networks and applications are least in use, allowing you to improve your security posture with minimal impact to your daily operations.

Get in touch with one of our experts today to find out more about our penetration tests.

Speak to an expert

No organisation is immune to cyber attacks

Organisations of all sizes, anywhere and in any industry are at risk of cyber attack. Failing to protect your systems increases the likelihood of both reputational damage and significant fines for your business.

Watch our short video to see how penetration testing can help protect your organisation.

Why conduct a penetration test?

An organisation should carry out a penetration test:

  • Following a serious attack on a similar organisation;
  • To comply with a regulation or standard, such as the PCI DSS (Payment Card Industry Data Security Standard) or the GDPR (General Data Protection Regulation);
  • To ensure the security of new applications or significant changes to business processes;
  • To manage the risks of outsourced services;
  • To evaluate the risk of critical data or systems being compromised; and/or
  • In preparation for any external audits, such as annual Central Bank audits carried out on Ireland’s credit unions.

 “IT Governance combines the delivery of real insights with a cost-effective service.” 

Ian Kilpatrick, Group Information Security Officer at Collinson Group

Different types of penetration test

Generally speaking, there are four types of penetration test, with different focuses according to the particular aspect of the organisation’s logical perimeter.

Network (or infrastructure) penetration test


Network penetration testing aims to identify exploitable security vulnerabilities in external connections with the Internet and other outside systems, including servers, hosts, devices and network services. Incorrectly designed interfaces leave your organisation vulnerable to criminals gaining unauthorised access to the network and performing malicious activities.

Common security issues

  • Unpatched operating systems, applications and server management systems. 
  • Misconfigured software, firewalls and operating systems. 
  • Unused or insecure network protocols.

Next steps

Find out more

Buy now

Web application penetration test


Web application penetration testing is designed to identify security issues resulting from insecure design, coding and publishing of software. For many organisations, applications are used to process payment card data, sensitive data and/or proprietary data, and therefore qualify as a critical business function.

Common security issues

  • The potential for injection (the lack of validation allows attackers to control the user’s browser). 
  • Privilege escalation (users have access to more parts of the site or application than they should). 
  • Cross-site scripting.

Next steps

Find out more

Buy now

Wireless network penetration test


Wireless network penetration testing identifies access points and rogue devices within an organisation’s secure environment.

Common security issues

  • Rogue or open access points. 
  • Misconfigured or accidentally duplicated wireless networks. 
  • Insecure wireless encryption standards, such as WEP (Wired Equivalent Privacy). 

Next steps

Find out more

Buy now

Simulated phishing test


Phishing and social engineering penetration testing is designed to evaluate employees’ susceptibility to techniques designed to get them to breach security rules or provide unauthorised access to sensitive information.

Common security issues

  • Susceptibility to phishing emails. 
  • A willingness to hand over sensitive information to people without knowing who they are. 
  • Giving people physical access to a restricted part of the organisation.

Next steps

Find out more

Buy now

What will I find in my penetration test report?

On average, a penetration test performed by IT Governance will identify 3 critical, 8 high-, 43 medium- and 11 low-risk findings per report.




The threat agent could gain full control over the system or application, or render it unusable by legitimate users, by using well-known methods and exploits.

Number of findings




The threat agent could gain full control over the system or application or render it unusable by legitimate users.




The threat agent could gain some level of interactive control or access to data held on the system.




The threat agent could gain information about the systems, which could be used to facilitate further access.


Free download – Assured Security: Getting cyber secure with penetration testing

Use this free green paper to learn how to keep your business secure and safe against cyber attacks with cost-effective penetration testing.


  • What penetration testing is;
  • How penetration testing works;
  • The types of vulnerabilities that can go undetected;
  • Why penetration tests are the best solution to uncovering vulnerabilities before criminals do; and
  • The difference between network and web application tests.

Download now

Speak to an expert

For more information and guidance on penetration testing or packages IT Governance offers, please contact our experts who will be able to discuss your organisations needs further.