Penetration Testing

Cyber threats are evolving. Are you confident your systems can withstand an attack? Our penetration testing identifies weaknesses so you can fortify your defences.


    About Penetration Testing

    Indelible Data offers expert penetration testing services designed to identify and mitigate vulnerabilities before they can be exploited.
    Led by industry veteran Tony Wilson, our team of certified ethical hackers brings unparalleled expertise to every engagement.

    With over 2,500 Cyber Essentials Certificates issued and extensive experience in delivering Accredited Cyber Essentials training, we understand the complexities of safeguarding your digital assets. Let us help you build a robust defence against cyber threats.

    Services We Offer

    Web Application Testing

    Web application testing attempts to gain access to your application, initially without any credentials, to test the site’s access controls. In addition to this, the tester will require full access to ensure all functionality, such as web forms, databases, scripts and upload screens, is configured securely.

    External Infrastructure Testing

    External infrastructure testing finds weaknesses in any ports or services that are open to the internet. If web services are found, we detect configuration and other issues, such as weak credentials or vulnerable components, and then try to access the site without credentials.

    Internal Infrastructure Testing

    Internal infrastructure testing mimics the scenario where an attacker has landed on your network. This could be via a malicious link clicked by a user, a guessed WiFi password, or an unattended network port that the attacker plugs into. Tests are initially conducted without credentials and then with standard user credentials to represent a compromised laptop on the network.


    Our Recommended Stages of Security Management

    Our recommended layered security strategy begins with building a strong foundation through certifications like Cyber Essentials. We then fortify your defences with ThreatSure, our monthly vulnerability scanning service, and in-depth cyber audits. To truly test your resilience, our expert penetration testing team simulates real-world attacks, identifying weaknesses before cyber criminals can exploit them. This proactive, adaptable approach ensures your business is protected at every level by choosing the right starting point for your company.

    Which Is Right For You?

    Options
    Vulnerability Scanning
    Cyber Essentials Plus
    Penetration Testing
    External Infrastructure
    Internal Infrastructure
    Testing bespoke systems
    Cloud hosted Websites
    Device URL / Email handling
    Using default password lists
    Using bespoke password lists
    Mapping Networks
    Exploiting weaknesses
    Producing an attack map
    Continuous Monitoring

    Need More Information?

    Frequently Asked Questions

    A Penetration Test, also known as a pen test or ethical hacking, is a simulated cyber attack performed by a qualified security professional with the permission of the organisation being tested. Penetration Tests can be performed on a variety of different targets, including networks, web applications, and mobile devices.  

    Vulnerability Scanning is an automated approach that probes a given system to help identify vulnerabilities, without actually exploiting the weaknesses found. A Penetration Test is a detailed check, performed by a human, that probes a system using proven methodologies, skill and experience, and follows avenues that are not open to vulnerability scanners, in an attempt to exploit the weaknesses found.

    Contractual obligations, the sensitivity of the information being protected, the possible impact a breach could cause, together with budget, all play a part in helping a company decide whether to opt for a Vulnerability Scan or to venture into the area of Penetration Testing. More information can be found in our blog.

    Once the findings have been understood, it is important to prioritise the systems to be fixed – the report should give a good indication of this, but company employees will understand the impact of a breach of a given system better than the Penetration Tester. 

    Contractual agreements often require annual Penetration Testing; however, the frequency may change should there be a critical change to the network or the introduction of a major new system.

    • Cyber Essentials Plus is a technical check of a sample of devices to certify a company’s compliance with a baseline defined by the National Cyber Security Centre (NCSC).

    If the sample tested is a true reflection of each device, then the company has guarded against the majority of the common threats from the internet.  

    • A Penetration Test goes much further and involves human intuition to attempt to exploit weaknesses that may still remain after a Cyber Essentials Plus assessment, such as:
        • Guessable user passwords assembled from information found on the company’s website or social media.
        • Cracking WiFi passwords to access the company network.
        • Finding file servers that have been misconfigured and can therefore be accessed by staff who should not have such permission.
        • Identifying how far an intruder could go if, for example, a user downloaded a malicious file in error that allowed the attacker to access the network via the compromised machine.

    What should I prepare before a Penetration Test begins?

    • You must sign the Rules of Engagement document that outlines all the testing that is permitted, tests that are forbidden, and exploit attempts that may only go ahead with specific authorisation after a weakness has been found.
    • Ensure there is a full backup of key systems that are in scope of the testing.
    • You should aim to have the relevant people available to ensure the test goes to plan. This includes:
        • Technical staff to authorise a given test or fix a system should a test have an unintended effect upon a system.
        • Users of the systems that are in scope should the tester have any queries or concerns with the testing.
        • Staff that can make decisions upon whether a test should go ahead at a given time (for example, testing the accounts servers at a peak time during a financial year-end).

    The cost of a Penetration Test depends on the scope and complexity of the testing. Factors affecting the cost include the number of applications, the depth of the testing and the size of your infrastructure. To obtain a quote please complete our Scoping Form here.

    Typical engagements are generally scoped for 3-5 days, but can be longer. 

    • As with all things relating to technology, unexpected things can happen. We will work with you to identify key systems and schedule testing at appropriate times, for example when the relevant IT teams are available. This is also covered in the above FAQ entitled “What should I prepare before a Penetration Test begins?” 
    • Our Penetration Testers work very closely with you and keep you informed throughout the day of systems that have been checked, and systems that are about to be checked, especially if some exploit attempts require a lot of bandwidth (for example, brute-force password guessing attempts). 
