Basket
United Kingdom
Select regional store:
Please enter more than 3 characters
Learn from anywhere: get 20% off July and August training dates, plus all self-paced online courses. Find out more
Security testing solutions Penetration testing Penetration testing services

Penetration Testing Services

Stay ahead of the criminals: put your cyber defences to the test with
comprehensive penetration testing.

COVID-19: remote delivery options

We would like to reassure our clients that all training and consultancy services will go ahead as scheduled during the COVID-19 situation. As a company that fully embraces flexible and remote working, we have adjusted our delivery methods to allow us to provide consultancy services, vulnerability scans and penetration tests, and training remotely where necessary. Please also refer to our COVID-19 policy.

CREST-accredited penetration testing services from IT Governance

CREST is an international not-for-profit accreditation and certification body for technical information security companies.

As a CREST member company, we can give you the technical assurance you need that your cyber defences are appropriate and effective.

Our expert penetration testers will analyse your cyber security vulnerabilities either remotely or in person so you can defend your organisation against cyber crime and help prevent data breaches.

Learn more about penetration testing

Speak to an expert

For more information about how our CREST-accredited penetration testing services can help safeguard your organisation, call us now on +44 (0)1474556685, or request a call back using the form below. 

Get in touch

Our penetration testing services

Our fixed-price testing packages are suitable for any organisation that wants to identify the exploitable weaknesses targeted by cyber attackers.

Results are presented in an easy-to-understand report, ideal for small and medium-sized organisations, or those with no prior experience of security testing.

Organisations that need greater reassurance should consider a level 2 test.

These are more complex assessments that painstakingly identify security vulnerabilities in your hardware and software, systems or web applications, and then try to exploit them.

Learn more about penetration testing levels

Click for more information about our penetration testing services and how they can help secure your organisation:

  • Remote working penetration tests
  • Infrastructure (network) penetration tests
  • Wireless network penetration tests
  • Web application (software) tests
  • Social engineering and phishing tests
  • Vulnerability scans

Remote working penetration tests

A remote workforce leaves you open to many more threats than you faced with office-based staff.

With remote working now established as the norm for many companies, cyber security has never been more important.

Our remote testing services will probe your remote access solutions and internal infrastructure that criminals might exploit.

Remote Access Penetration Test

Our remote access penetration test combines a web application and infrastructure test.

Performed remotely, it assesses your externally facing remote access solutions, looking for:

  • Inadequate/insecure authentication;
  • Weak configurations;
  • Default settings; and
  • Outdated software and patching levels.

Book a remote access penetration test 

Certified Ethical Hacker (CEH) Course

Remote Compromise Penetration Test

Our remote compromise penetration test will identify:

  • Weak configurations (e.g. default settings);
  • Outdated software and patching levels;
  • Insecure authentication;
  • Weak permissions; and
  • Means of bypassing antivirus software.

Book a remote compromise penetration test

Infrastructure (network) penetration tests

Infrastructure tests probe for security flaws affecting your operating systems and network architecture, such as:

  • Servers and hosts;
  • Firewalls and wireless access points; and
  • Network protocols.

There are two types of test: external and internal.

Certified Ethical Hacker (CEH) Course

External infrastructure (network) penetration tests

External infrastructure tests combine automated scans and manual assessments to examine the vulnerabilities that might allow external attackers to gain access to your systems.

Book an external network penetration test

Internal pen test

Internal infrastructure (network) penetration tests

Internal infrastructure tests attempt to identify network and operating system vulnerabilities from the point of view of anyone with insider access to your systems, applications or data, such as employees or contractors.

Learn more about internal network penetration tests

Social engineering and phishing tests

Social engineering involves attackers manipulating victims into compromising their security, transferring money or providing sensitive information. A social engineering penetration test or simulated phishing attack will assess your staff’s susceptibility to phishing and other types of social engineering.

Certified Ethical Hacker (CEH) Course

Social engineering penetration tests

Social engineering penetration tests highlight vulnerabilities involving your employees and help inform appropriate staff awareness training.

A social engineering penetration test will help you:

  • Establish the publicly available information that an attacker could obtain about your organisation;
  • Evaluate how susceptible your employees are to social engineering attacks; and
  • Determine the effectiveness of your information security policy and your cyber security controls at identifying and preventing social engineering attacks.

Book a social engineering penetration test

Certified Ethical Hacker (CEH) Course

Phishing penetration tests

A simulated phishing attack establishes your employees’ vulnerability to phishing emails and helps inform appropriate staff awareness training.

We use various techniques, including sending an email to your staff, asking them to take actions that could result in them handing over sensitive information, such as usernames and passwords.

We will then assess their responses and create a report to help you understand where staff training needs to be focused.

Book a simulated phishing attack

Other penetration tests and scanning services

Certified Ethical Hacker (CEH) Course

Wireless network penetration tests

Wireless tests examine security vulnerabilities affecting your wireless networks, including:

  • Information leakage and signal leakage;
  • Encryption vulnerabilities, such as wireless sniffing and session hijacking; and
  • Weak access controls.

Book a wireless network penetration test

Web application test

Web application (software) tests

Web application tests identify security vulnerabilities introduced during the development of software or websites, including:

  • Assessing web applications for vulnerability to attacks, such as XSS (cross-site scripting);
  • Confirming the secure configuration of web browsers and identifying features that can cause vulnerabilities; and
  • Safeguarding web server security and database server security.

Book a web application penetration test

Certified Ethical Hacker (CEH) Course

Vulnerability scans

Vulnerability scanning is an automated process that identifies, but does not assess, security flaws in your systems that might be exploited by cyber criminals.

With a monthly subscription to our Vulnerability Scan service, you can:

  • Scan for thousands of vulnerabilities, helping you see exactly what criminal hackers can see;
  • Receive a detailed report that gives you a breakdown of all your weak spots that need attention;
  • Act quickly to fix your security weaknesses before criminal hackers find and exploit them; and
  • Run and rerun scans as often as you like within a month.

Learn more about vulnerability scanning

More extensive penetration testing (level 2)

If your organisation handles sensitive information where a compromise could have a critical impact and you require a higher level of assurance, please get in touch for a quote

Get a quick quote

Why choose IT Governance?

CREST-registered testers

Our penetration tests are performed by a team of CREST-registered security testers, providing the independent assurance you need that we have up-to-date knowledge, and the skills to address the latest vulnerabilities and techniques used by real attackers.

Straightforward pricing

Our fixed-cost packages are ideal for small and medium-sized organisations, or for those with little or no experience of penetration testing.

Diverse experience and expertise

Our team has experience across a diverse set of disciplines and standards, such as the PCI DSS (Payment Card Industry Data Security Standard), ISO 27001 and the EU GDPR (General Data Protection Regulation).
 

Tailored options

Our team can provide additional scoping support and expertise for organisations with more complex objectives that need a more detailed exploration of complex environments.

Our penetration tests comply with the Microsoft Rules of Engagement

For Azure clients, this means we take care to limit all penetration tests to your assets, thereby avoiding unintended consequences to your customers or infrastructure.

Companies using our penetration testing services

This website uses cookies. View our cookie policy
20% OFF TRAINING