Comprehensive penetration testing services delivered by certified experts

Complete range of penetration testing including app, network, infrastructure, cloud and much more.

Get a quote
CREST approved CREST approved CREST approved
Payment card industry data security standard Payment card industry data security standard Payment card industry data security standard
ISO 27001 certified ISO 27001 certified ISO 27001 certified
ISO 9001 certified ISO 9001 certified ISO 9001 certified

Choose the penetration testing package that best suits your needs

All our pen tests include:

Vulnerability scans for 12 months Vulnerability scans for 12 months
Pen testing certificate Pen testing certificate
Report with prioritized threat list Report with prioritized threat list
Dedicated account manager Dedicated account manager
Expert remediation advice Expert remediation advice
CREST Certified CREST Certified
Certified Ethical Hacker (CEH) Certified Ethical Hacker (CEH)
CompTIA Cybersecurity Analyst CompTIA Cybersecurity Analyst
Certified Information Security Manager (CISM) Certified Information Security Manager (CISM)
Certified Information Systems Security Professional (CISSP) Certified Information Systems Security Professional (CISSP)
Offensive Security Certified Professional (OSCP) Offensive Security Certified Professional (OSCP)

Our penetration testing team

We pride ourselves on building and developing the best cyber talent to ensure our service is as evolutionary as the threat landscape. Our team of 30+ penetration testers are qualified against the leading industry standards and have years of experience delivering all types of penetration tests.

Defense.com™ Threat Management

Smart report delivery and remediation advice

After your penetration test, your report findings will be hosted in your secure Defense.com™ platform. Each vulnerability found during the test will be detailed along with actionable remediation advice.

In addition to your PDF report, each vulnerability highlighted during the test will be added to your Threat Dashboard so you can quickly identify, prioritize and remediate the threats affecting your business.

Get a quote

Penetration testing methodology

Most penetration testing follows a 6-step lifecycle:

Why choose Defense.com as your penetration testing company?

Competitive Pricing

Competitive pricing

Businesses of all sizes can benefit from a penetration test thanks to our competitive prices.

Dashboard reporting

Dashboard reporting

Track your report findings, prioritize threats and access remediation advice within the Defense.com™ platform.

Certified Experts

Certified experts

Our penetration testers are certified by globally recognized bodies such as CREST and OSCP.

Free Vulnerability Scans

Free vulnerability scans

Protect your business all year round with 12 months of free vulnerability scans as part of your pen test package.

Protecting the world’s leading brands

Dell logo
Ocado logo
Agilico logo
Blue Zinc logo

Get a quote today

If you’re interested in our services, get a free, no obligation quote today by submitting your requirements via the form below.

Penetration testing FAQs

Penetration or pen testing, assesses your IT infrastructure security by methodically testing your systems and applications. Pen tests are carried out by skilled ethical hackers, called penetration testers, to find weaknesses and misconfigurations in your cybersecurity that could put your business at risk.

Penetration testing enables you to quickly find your security flaws, giving you the chance to fix them before a hacker exploits them. Penetration testing is highly beneficial to businesses of all sizes:

  • Keep hackers out of your infrastructure
  • Prevent data breaches
  • Increase customer confidence in your services
  • Enhance your reputation
  • Follow security best practices
  • Meet your compliance obligations

Regular penetration testing is a fundamental part of running a modern business. Cyberattacks increase steadily year-on-year across all markets and sectors, making pen testing a core consideration for businesses of all sizes.

In addition to keeping safe from cyber criminals, pen testing can help to increase customer confidence in your services. Regular penetration testing from a reputable provider such as Defense.com™ demonstrates that you take security seriously, which will prove to your existing and prospective customers that you can be trusted with their data.

There are many different types of penetration tests available. The scope of your test will depend on exactly what systems or applications you are looking to check. Here are some common types:

  • Infrastructure pen test

    Infrastructure pen testing, also known as network pen testing, focuses on the hardware, firmware, and operating systems in your IT estate. This includes things like servers, network devices, and virtualized environments.

  • Application pen test

    Application penetration tests focus on applications that are hosted on the underlying infrastructure, rather than the infrastructure itself. This could be web apps and APIs, or it could be mobile apps, such as iOS and Android penetration testing.

  • Cloud pen test

    Cloud penetration testing audits the security of your cloud-based infrastructure, applications and services. AWS, Azure and GCP-hosted systems are the most commonly tested.

Internal/authenticated

Internal infrastructure or authenticated application tests simulate the damage a malicious attacker could do if they were to breach your network perimeter or phish login credentials for an application. It’s a much more involved test, and also models the impact of a rogue employee or other insider threat.

External/unauthenticated

External infrastructure or unauthenticated application tests explore what damage a malicious hacker could achieve without privileged access. It’s a quicker test that models the more common ‘opportunistic’ type threat actor.

A Defense.com™ penetration testing engagement is split into several distinct stages:

  1. Pre-engagement

    This is where the scope is discussed and defined, and the ultimate goals of the pen test are analyzed and set. This stage will determine the types of testing activities and is essential for a professional and productive test outcome.

  2. Intelligence gathering

    Reconnaissance is performed to gather as much info as possible on the target systems. This data then informs what types of attack vectors the pen test will make use of.
  3. Vulnerability analysis

    This stage seeks to uncover every security flaw in the target networks/systems/applications (as appropriate), using both passive mechanisms and active scans.
  4. Exploitation

    This is where the vulnerabilities discovered in the previous phase are exploited in an attempt to gain access. It can involve a mix of pre-made and bespoke tools, and is where the insight and ingenuity of the pen tester comes into play.
  5. Post-exploitation

    Here the worth of the compromised targets is assessed, in their own terms and as opportunities to escalate privileges and to pivot to more valuable systems. Crucially, compromised targets will be cleaned of any tools used during the exploitation phase to ensure that security is not harmed by the pen test activities.
  6. Reporting

    Having a good report is the key to getting good value from a penetration test engagement. Defense.com™ reports are split into Executive Summary and Technical Breakdown sections, and it includes crucial remediation advice.

The detail in pen test reports should include:

  • All risks based on the current server/application setup/configuration
  • Vulnerabilities and running services for the servers and applications
  • What has been done to exploit each security issue
  • Remediation steps
  • Near-term and long-term actions
  • Vulnerabilities that cannot be exploited must also be included in the final report

It’s a good idea to seek a sample report before engaging a pen test provider – this way you’ll know what you can expect to receive. If a report is full of jargon and difficult to decipher, its use to you is limited. Defense.com™ follows best–practice standards for undertaking a pen test, including OWASP and PTES.

When defining a penetration test, it is important to define how much information is disclosed up-front, also known as the box color:

  • Black Box

    A black box test is where almost nothing is known about the target environment ahead of the test. Whilst this positions the tester in a similar position to a real-world hacker, it means precious test time is wasted on simple discovery tasks.

  • White Box

    A white box test is where everything about the environment, possibly even the source code, is known by the pen tester ahead of the test. Whilst this has the potential to make for a very thorough test, it’s not reflective of a real-world hack, and can cause the scope to become diluted.

  • Gray Box

    There’s also a third option; as the name implies, a gray box test is a mix of white and black box tests, where the pen tester has limited information about the target environment. This is a ‘best-of-both-worlds’ approach and often leads to tests with the best – and most cost effective – outcomes.

Yes! At Defense.com™ we have qualified pen testers with a wide range of experience in all kinds of infrastructure, network, application and cloud penetration testing. No matter what your security objective, get in touch with our friendly team for a fast, accurate quote.

Subscribe

Get actionable cyber security advice and insights straight to your inbox.