Penetration Testing

Simulate attacks against your applications and systems.


Penetration testing is a simulated attack against your organisation's information, applications and systems. The objective is to determine the effectiveness of your existing security controls, both technical and procedural.

Penetration testing seeks to emulate the capability and motivation of a typical threat actor, and uses a mixture of automated and manual techniques.

The level of prior knowledge, attacker capability and underlying motivation will depend on the agreed rules of engagement, but typical examples include the following:

There are many different types of penetration testing, and a wide range of approaches that can be taken. We discuss the specific requirements with our clients prior to beginning any engagement, however, in general, most engagements fall into the following categories.

Cloud Services Penetration Testing

Typically focused on an opportunistic, Internet based, attacker, this type of penetration testing focuses on compromising or obtaining privileged access to data stored or processed by a client's Cloud services, such as those provided by Amazon Web Services (AWS) and Microsoft Azure.

Learn More

Infrastructure Penetration Testing

Typically focused on the disgruntled employee, or in support of other activities such as internal technical compliance, this type of penetration testing focuses on obtaining privileged access to internal systems or information.

Learn More

Mobile App Penetration Testing

Typically focusing on bespoke mobile apps developed by or for the client, this type of penetration testing is concerned with using the app to compromise the mobile device running it, any online web services or application programmable interfaces (APIs) that the app interacts with, or any data held or processed by the app.

Learn More

Red Team Engagement

This is an in-depth and extremely individualised simulated attack against an organisation, which will utilise some or all of the techniques and approaches discussed above, as well as others discussed elsewhere on the website.

Learn More

Social Engineering

Depending on the agreed scenario, this type of penetration testing will usually involve impersonating an opportunistic attacker, someone intending to distribute malware, or someone seeking unauthorised internal access to an organisation's systems.

Learn More

Website Penetration Testing

Typically focused on an opportunistic, Internet based, attacker, this type of penetration testing focuses on compromising or obtaining privileged access to data stored or processed by a client's website(s).

Learn More