Penetration Testing Services

Identify weaknesses and vulnerabilities before hackers or bots do.

What is Penetration Testing?

Penetration Testing, also known as Pen Testing or Pentesting, is a service offered to companies as a method of exposing weaknesses in their computer networks, systems or applications.


During a test, cyber attacks are safely simulated through various methods in order to gain access to a network and determine which aspects contain the most security vulnerabilities. 


Once these weaknesses have been discovered, steps to close these gaps are suggested, leaving you to implement the changes and feel confident that your network will be strong enough to withstand a hostile attack.


Picture this – when looking to repair a puncture in a bike tire, you place the inner tube into a bucket of water and watch for the bubbles.


This same principle applies to your IT Network, but as your network is definitely not something you want to drop into the water, the best way to detect where the leaks might occur is through a penetration test.

A Full Service Approach

The Types of Pen Testing we offer

Staying One Step Ahead

Why does your business need pen testing?

The most important times to perform a pen test are when:

You’ve recently made changes to your infrastructure
You’ve recently undergone a merger or acquisition
You’re looking to comply with Security Standards (see our Cyber Essentials Support)
You’re launching new services or applications
You’re bidding on new commercial contracts
You’ve not performed any Penetration Testing recently

How often do you really need to Pen Test?

The standard recommendation is a yearly Penetration Test, due to the increasing number of threats and methods attackers have access to. However, it can be as often as monthly if circumstances require.

If you find yourself using Penetration Testing services with a high degree of regularity, we suggest you review the solutions available from RS22 in DAST (Dynamic Application Security Testing) and BAS (Breach & Attack Simulation). These solutions are continuous and prevent many common mistakes from occurring.

Standard Penetration vs Continuous Penetration Testing

There are some core differences between a standard Penetration Test, and Continuous Penetration Testing.

Standard Penetration

A standard Penetration Test is a review of your network at a single moment in time and provides comprehensive and detailed coverage of your current position. It uses both automation and human creativity and knowledge to review any and all methods of gaining access to your network. After this, you receive a report suggesting the changes you can make for maximum security value. However, any changes you make after this can cause new gaps to appear.

Continuous Penetration

Continuous Penetration Testing is automated software that prevents a user or team from publishing mistakes in configuration or coding that could be exploited by attackers at a later stage. See our page on BAS (Breach & Attack Simulation) and DAST (Dynamic Application Security Testing) for more information.

Common Security Vulnerabilities Identified in a Pen Test

Knowledge is power. And knowing where your weakest areas are allows you to improve them and become stronger in that area. Here is a list of the areas of discovery that your Penetration Test can provide.

The Core Stages of a Penetration Test


1. Scoping

Together we define the expectations of the Pen Test, such as the type of test, times and dates, and any other requirements that will be necessary. We agree on a price depending on your business circumstances and the amount of work involved; usually, it is evaluated on the number of days over which the Penetration Test will take place. This can be anywhere from 3 days to 4 weeks.

2. Order

You confirm that you’re happy with the agreement and authorise the relevant paperwork.

3. Testing

As each test is different, and many businesses use a pick-and-mix style of selection relative to their own needs, the testing takes place on the agreed days. You will ensure that our testers have access to the site on the required days, if you are seeking tests which require a physical tester.

4. Reports

Once the work is done, we generate the relevant reports and provide them to you. The reports we generate will come with a complete description of each identified issue, advice on how to remedy them and evidence of the issues wherever necessary.

5. Remediation

This bit is usually up to you. We’re happy to help should you require additional support or tools, but many agree that knowing what to do is half the battle and the other half is just getting on and plugging the gaps.

Frequently Asked Questions (FAQs)

As often as necessary. The more frequently you make changes to your infrastructure or services, the higher the probability that a gap can open up in your defences. Some businesses like to perform them on a regular basis, either monthly, quarterly or annually, depending on the number of changes they’ve implemented.

Depending on the size and scale of the business as well as the number of elements under scrutiny, a Penetration Test can take anything from a few days to three or four weeks. The testing process is only a portion of the total time required, as our agents will then generate the reports and evaluate the most suitable remediations for your business as a unique entity.

This varies considerably and is best discussed directly with a representative. Your quote will depend on the size of your network, the type of testing package you opt for, the required number of days and the number of days required to generate the reports. The question you should ask yourself is “How much would it cost my business to be the target of a successful malicious cyber-attack?” and work backwards from there.

Yes, some parts of a penetration test can be performed remotely. However, some forms of attack may occur on the business premises – to assess and measure these vulnerabilities, an onsite assessment may be required.

We generate the reports, which include the issues discovered, the remediation advice to help resolve those issues and the evidence of the potential impact of those issues wherever necessary.

The Pentest is performed by one of our CREST accredited partners.

Reliable. Secure.

RS22

Unit 5, Three Spires House, Station Road, Lichfield, Staffordshire. WS13 6HX
