This website uses cookies. View our cookie policy
Close
United Kingdom
Select regional store:

Penetration Testing

Penetration testing (also referred to as ‘pen testing’) is an effective method of determining the security of your networks and web applications, helping your organisation identify the best way of protecting its assets.

Understanding the vulnerabilities you face allows you to focus your efforts, rather than using broad methods that may need heavy investment without a guarantee that the vulnerabilities in your systems have been addressed.

 
 

What is penetration testing?

Penetration testing is a systematic process of probing for vulnerabilities in your applications and networks. It is essentially a controlled form of hacking in which the ‘attackers’ operate on your behalf to find the sorts of weaknesses that criminals exploit.

The process of penetration testing involves assessing your chosen systems for any potential weaknesses that could result from poor or improper system configuration, known and unknown hardware or software flaws, and operational weaknesses in process or technical countermeasures.

An experienced penetration tester can mimic the techniques used by criminals without causing damage. These tests are usually conducted outside business hours or when networks and applications are least used, thereby minimising the impact on everyday operations.

View our free resources

 

Why conduct a penetration test?

Drivers for carrying out penetration tests should be based on an evaluation of relevant criteria, which would typically include:

  • In response to the impact of a serious breach on a similar organisation;
  • To comply with a regulation or standard, such as the PCI DSS and GDPR;
  • To ensure the security of new applications or significant changes to business processes;
  • To manage the risks of using a greater number and variety of outsourced services; and
  • To assess the risk of critical data or systems being compromised.

 

Different types of penetration test

Broadly speaking, there are four types of penetration test, each focusing on a particular aspect of an organisation’s logical perimeter.

Network penetration test

Identifies security problems within your network infrastructure. Network penetration testing is likely to involve scanning your network and wireless.

Find out more

 

Web application penetration test

Detects security issues within a website or web application that could be exploited by a malicious attacker, resulting in irreparable damage or data theft.

Find out more

 

Wireless penetration test

The objective of a wireless penetration test is to detect access points and rogue devices, analyse your configurations and test for vulnerabilities.

Find out more

 

Simulated phishing test

Delivers an independent assessment of employee susceptibility to phishing attacks and evaluates your security awareness campaigns.

Find out more
 

What will I find in my penetration test report?

A penetration test performed by IT Governance will, on average, identify 3 critical, 8 high-, 43 medium- and 11 low-risk findings per report.

Critical

The threat agent could gain full control over the system or application, or render it unusable by legitimate users...

3

High

The threat agent could gain full control over the system or application, or render it unusable by legitimate users...

8

Medium

The threat agent could gain full control over the system or application, or render it unusable by legitimate users...

43

Low

The threat agent could gain full control over the system or application, or render it unusable by legitimate users...

11

 

Why choose IT Governance for a penetration test

We’re a pioneer in making penetration testing easy to understand and quick to buy.

 

Clear reports that can be understood by engineering and management teams alike.

 

CREST-accredited penetration testing services give you all the technical assurance you need.

 

“IT Governance combines the delivery of real insights with a cost-effective service.” Ian Kilpatrick, Group Information Security Officer at Collinson Group.

 

Companies using our penetration testing services:

 

 

Speak to an expert

Please contact us for further information or to speak to an expert.

Contact us