CREST-accredited penetration testing services
Our team of CREST-accredited consultants will apply robust methodologies to provide you with the technical assurance you need. By adopting a threat-based approach, we can deliver a realistic and targeted appraisal of the current state of your security and the risks attackers pose to your business.
COVID-19: remote delivery options
We would like to reassure our clients that all training and consultancy services will go ahead as scheduled during the current COVID-19 situation. As a company that fully embraces flexible and remote working, we are adjusting our delivery methods to allow us to provide consultancy services, penetration tests and training remotely where necessary. Please also refer to our COVID-19 policy.
Penetration testing solutions
Our fixed-cost packaged penetration tests are suitable for organisations that want to identify the common exploitable weaknesses targeted by opportunistic attackers using freely available, automated attack tools. They are ideal for small and medium-sized organisations, or those with no prior experience of security testing.
Findings are presented in a comprehensive report that explains the identified vulnerabilities and how to remediate them, and allows you to assess your organisation’s relative business risk
External Infrastructure (Network) Penetration Test
An external infrastructure network penetration test aims to assess your network for vulnerabilities and security issues in servers, hosts, devices and network services. Testers will attempt to access your network the way an attacker might in order to gain unauthorised access and control.
Reporting output
An IT Governance certified tester will analyse the test results and provide a full report on the security vulnerabilities within your infrastructure.
Learn more about our external network penetration testing services
Benefits of an external infrastructure (network) penetration test
- Identify any patches that need to be installed.
- Reconfigure software, firewalls and operating systems.
- Identify needs for encryption or more secure protocols.
- Can be used to help meet the requirements of the PCI DSS (Payment Card Industry Data Security Standard) and ISO 27001.
Pricing per year
- One-year package: £2,250
- Two-year package: £2,125 (save 5%)
- Three-year package: £2,000 (save 10%)
Find out more about our external infrastructure (network) penetration testing packages
Web Application Penetration Test
A web application penetration test aims to assess the key components of your web applications and supporting infrastructure, including how these components are deployed and how they communicate with users and server environments.
Reporting output
An IT Governance certified tester will analyse the test results and provide a full report on the security issues stemming from insecure development practices in the design, coding and/or publishing of software on your website.
Learn more about our web application penetration testing services
Benefits of a web application penetration test
- Keep untrusted data separate from commands and queries.
- Develop strong authentication and session management controls.
- Improve access control.
- Discover the most vulnerable attack routes.
- Find any loopholes that could lead to the theft of sensitive data.
- Can be used to help meet the requirements of the PCI DSS and ISO 27001.
Pricing per year
- One-year package: £3,450
- Two-year package: £3,250 (save 5%)
- Three-year package: £3,083 (save 10%)
Find out more about our web application penetration testing packages
Wireless Network Penetration Test
A wireless network penetration test is generally used to detect access points and rogue devices, analyse your configurations and test for vulnerabilities so that you can implement security controls to prevent an attack.
Reporting output
An IT Governance certified tester will analyse the test results and provide a full report on any identified rogue or open access points, vulnerabilities, inconsistencies and/or misconfigurations in your network.
Learn more about our wireless network penetration testing services
Benefits of a wireless network penetration test
- Detect default Wi-Fi routers.
- Identify rogue or open access points.
- Establish misconfigured or accidentally duplicated wireless networks.
- Detect security vulnerabilities in Bluetooth technology.
- Identify insecure wireless encryption standards (such as WEP).
- Can be used to help meet the requirements of the PCI DSS and ISO 27001.
Pricing per year
- One-year package: £2,250
- Two-year package: £2,125 (save 5%)
- Three-year package: £2,000 (save 10%)
Find out more about our wireless network penetration testing packages
Combined Infrastructure and Web Application Penetration Test
A combined penetration test package that enables a full assessment of the key components of your organisation’s websites, web applications and external network infrastructure.
Reporting output
An IT Governance certified tester will analyse the test results and provide a full report on the identified vulnerabilities and the most likely route for attack.
Benefits of a combined penetration test
- Get real-world insight into your organisation’s vulnerabilities.
- Discover the most likely attack route.
- Find any loopholes that could lead to the theft of sensitive data.
- Can help achieve ISO 27001 compliance by meeting control objective A.12.6 requirements.
Pricing per year
- One-year package: £4,500
- Two-year package: £4,250(save 5%)
- Three-year package: £4,000 (save 10%)
Find out more about our combined penetration testing packages
Simulated Phishing Attack
A simulated phishing attack identifies whether your employees are vulnerable to phishing emails, enabling you to take immediate remedial action to improve your cyber security position.
Reporting output
An IT Governance certified tester will analyse the test results and provide a full report on your employees’ susceptibility to phishing attacks and gaps in their awareness.
Learn more about our simulated phishing attack services
Benefits of a simulated phishing attack
- Quickly find out if there is an internal awareness problem.
- Determine who to enrol in training after they fall for an attack – an effective way to change end-user behaviour.
- Craft campaigns based on the experiences and threat analysis of our expert security testing team.
Pricing per year
- One-year package: £2,995
- Two-year package: £5,850 (save 5%)
- Three-year package: £7,800 (save 10%)
Find out more about our simulated phishing attack packages
More extensive penetration testing (Level 2)
If your organisation handles sensitive information where a compromise could have a critical impact and you require a higher level of assurance, please contact us.
Contact us
Why choose IT Governance?
CREST-accredited
Our penetration tests are performed by a team of CREST-accredited security testers.
Diverse experience and expertise
Our team has experience across a diverse set of disciplines and standards, such as the PCI DSS, ISO 27001 and the EU GDPR (General Data Protection Regulation).
Straightforward pricing
Our fixed-cost packages are ideal for small and medium-sized organisations, or for those with little or no experience of penetration testing.
Tailored options
Our team can provide additional scoping support and expertise for organisations with more complex objectives that need a more detailed exploration of complex environments.
Our penetration tests comply with the Microsoft Rules of Engagement
For Azure clients, this means we take care to limit all penetration tests to your assets, thereby avoiding unintended consequences to your customers or your infrastructure.
Companies using our penetration testing services
Speak to an expert
For more information and guidance on penetration testing or packages that IT Governance offers, please contact our experts who will be able to discuss your needs further.