This website uses cookies. View our cookie policy
Close
EU
Select regional store:

Penetration Testing

Penetration testing (also referred to as ‘pen testing’) is an effective method of determining the security of your networks and web applications, helping your organisation identify the best way of protecting its assets.

Understanding the vulnerabilities you face allows you to focus your efforts, rather than using broad methods that may need heavy investment without a guarantee that the vulnerabilities in your systems have been addressed.

 
 

What is penetration testing?

Penetration testing is a systematic process of probing for vulnerabilities in your applications and networks. It is essentially a controlled form of hacking in which the ‘attackers’ operate on your behalf to find the sorts of weaknesses that criminals exploit.

The process of penetration testing involves assessing your chosen systems for any potential weaknesses that could result from poor or improper system configuration, known and unknown hardware or software flaws, and operational weaknesses in process or technical countermeasures.

An experienced penetration tester can mimic the techniques used by criminals without causing damage. These tests are usually conducted outside business hours or when networks and applications are least used, thereby minimising the impact on everyday operations.

 

Why conduct a penetration test?

Drivers for carrying out penetration tests should be based on an evaluation of relevant criteria, which would typically include:

“In response to the impact of a serious breach on a similar organisation.”

|
 

 

“To comply with a regulation or standard, such as the PCI DSS and GDPR.”

|
 

 

“To ensure the security of new applications or significant changes to business processes.”

|
 

 

“To manage the risks of using a greater number and variety of outsourced services.”

|
 

 

“To assess the risk of critical data or systems being compromised.”

|
 

 

 

“61% of the data breach victims in the 2017 Verizon Data Breach Investigations Report are businesses with fewer than 1,000 employees”

 

Different types of penetration test

Broadly speaking, there are four types of penetration test, each focusing on a particular aspect of an organisation’s logical perimeter.

Network penetration test

Identifies security problems within your network infrastructure. Network penetration testing is likely to involve scanning your network and wireless.

Find out more
 

Web application penetration test

Detects security issues within a website or web application that could be exploited by a malicious attacker, resulting in irreparable damage or data theft.

Find out more
 

Wireless penetration test

The objective of a wireless penetration test is to detect access points and rogue devices, analyse your configurations and test for vulnerabilities.

Find out more
 

Simulated phishing test

Delivers an independent assessment of employee susceptibility to phishing attacks and evaluates your security awareness campaigns.

Find out more
 

What will I find in my penetration test report?

A penetration test performed by IT Governance will, on average, identify 3 critical, 8 high-, 43 medium- and 11 low-risk findings per report.

Critical

The threat agent could gain full control over the system or application, or render it unusable by legitimate users, by using well known methods and exploits.

3

High

The threat agent could gain full control over the system or application, or render it unusable by legitimate users.

8

Medium

The threat agent could gain full control over the system or application, or render it unusable by legitimate users.

43

Low

The threat agent could gain information about the systems, which could be used to facilitate further access.

11

 

“IT Governance combines the delivery of real insights with a cost-effective service.” Ian Kilpatrick, Group Information Security Officer at Collinson Group.

 

Choose which test you need

At IT Governance, we offer two levels of penetration test to meet your budget and technical requirements:

Level 1

Identifies the vulnerabilities that leave your IT exposed. Combining a series of manual assessments with automated scans, our team will assess the true extent of your system or network’s vulnerabilities, allowing you to evaluate your security posture and make more accurate budgetary decisions.

Purchase our affordable,
quick and fixed-price penetration tests online.

Buy online

 

Level 2

Involves attempting to exploit the identified vulnerabilities to see whether it is possible to access your assets and resources. This more thorough assessment of your security posture enables you to make more accurate decisions about investing in securing your business-critical systems.

Please contact us for further information
or to speak to an expert.

Contact us
 

Companies using our penetration testing services:

 

 

Speak to an expert

Please contact us for further information or to speak to an expert.

Contact us