CREST-accredited penetration testing services from IT Governance
CREST is an international not-for-profit accreditation and certification body for technical information security companies.
As a CREST member company, IT Governance can give provide technical assurance that your cyber defences are effective.
Our experts will analyse your cyber security vulnerabilities to protect your organisation from cyber crime and data breaches.
Learn more about penetration testing
Speak to an expert
For more information about our CREST-accredited pen testing services, call us now on
+44 (0)333 800 7000, or request a call back using the form below.
Get in touch
Our penetration testing services
Our fixed-price testing packages are suitable for any organisation that wants to identify vulnerabilities targeted by cyber attackers.
Results are presented in a report that is ideal for small and medium-sized organizations with no prior security testing experience.
Organisations that need greater reassurance should consider a level 2 test.
Level 2 tests are more complex assessments that are tailored to your requirements following scoping. They will painstakingly identify security vulnerabilities in your hardware and software, systems or web applications and then try to exploit them.
Click for more information about our penetration testing services and how they can help secure your organisation:
Remote working penetration tests
A remote workforce leaves you open to many more threats than you faced with office-based staff.
With remote working now the norm for many companies, cyber security has never been more critical.
Our remote testing services will probe your remote access solutions and internal infrastructure that criminals might exploit.
Remote Access Penetration Test
Our Remote Access Penetration Test combines a web application and infrastructure test.
Performed remotely, it assesses your externally facing remote access solutions, looking for:
- Inadequate/insecure authentication;
- Weak configurations;
- Default settings; and
- Outdated software and patching levels.
Book a Remote Access Penetration Test
Remote Compromise Penetration Test
Our Remote Compromise Penetration Test will identify:
- Weak configurations (e.g. default settings);
- Outdated software and patching levels;
- Insecure authentication;
- Weak permissions; and
- Means of bypassing antivirus software.
Book a Remote Compromise Penetration Test
Infrastructure (network) penetration tests
Infrastructure tests probe for security flaws affecting your operating systems and network architecture, such as:
- Servers and hosts;
- Firewalls and wireless access points; and
- Network protocols.
There are two types of tests: external and internal.
External infrastructure (network) penetration tests
External infrastructure tests combine automated scans and manual assessments to examine the vulnerabilities that might allow external attackers to access your systems.
Book an external network penetration test
Social engineering and phishing tests
Social engineering involves attackers manipulating victims into compromising their security, transferring money or providing sensitive information. A social engineering penetration test will assess your staff’s susceptibility to phishing and other types of social engineering.
Social engineering penetration tests
Social engineering penetration testing highlights vulnerabilities involving your employees and helps inform appropriate staff awareness training.
A Social Engineering Penetration Test will help you:
- Establish the publicly available information that an attacker could obtain about your organisation;
- Evaluate how susceptible your employees are to social engineering attacks; and
- Determine the effectiveness of your information security policy and your cyber security controls at identifying and preventing social engineering attacks.
Book a Social Engineering Penetration Test
Phishing penetration tests
A Simulated Phishing Attack establishes your employees’ vulnerability to phishing emails and helps inform appropriate staff awareness training.
We send emails to your staff asking for sensitive information, such as usernames and passwords.
We will then assess their responses and create a report to help you understand where to focus staff training.
Book a Simulated Phishing Attack
Level 2 penetration testing
We offer a comprehensive testing service for organisations handling sensitive information that could have a critical impact if compromised.
Get a quick quote