CREST-Accredited Penetration Testing Services

Put your cyber defences to the test with comprehensive,
CREST-accredited penetration testing from IT Governance.

CREST-accredited penetration testing services from IT Governance

CREST is an international not-for-profit accreditation and certification body for technical information security companies.

As a CREST member company, IT Governance can give provide technical assurance that your cyber defences are effective.

Our experts will analyse your cyber security vulnerabilities to protect your organisation from cyber crime and data breaches.

Learn more about penetration testing

Speak to an expert

For more information about our CREST-accredited pen testing services, call us now on
+44 (0)333 800 7000, or request a call back using the form below.

Get in touch

Our penetration testing services

Our fixed-price testing packages are suitable for any organisation that wants to identify vulnerabilities targeted by cyber attackers.

Results are presented in a report that is ideal for small and medium-sized organizations with no prior security testing experience.

Organisations that need greater reassurance should consider a level 2 test.

Level 2 tests are more complex assessments that are tailored to your requirements following scoping. They will painstakingly identify security vulnerabilities in your hardware and software, systems or web applications and then try to exploit them.

Click for more information about our penetration testing services and how they can help secure your organisation:

Remote working penetration tests

A remote workforce leaves you open to many more threats than you faced with office-based staff.

With remote working now the norm for many companies, cyber security has never been more critical.

Our remote testing services will probe your remote access solutions and internal infrastructure that criminals might exploit.

Remote Access Penetration Test

Our Remote Access Penetration Test combines a web application and infrastructure test.

Performed remotely, it assesses your externally facing remote access solutions, looking for:

  • Inadequate/insecure authentication;
  • Weak configurations;
  • Default settings; and
  • Outdated software and patching levels.

Book a Remote Access Penetration Test

Certified Ethical Hacker (CEH) Course

Remote Compromise Penetration Test

Our Remote Compromise Penetration Test will identify:

  • Weak configurations (e.g. default settings);
  • Outdated software and patching levels;
  • Insecure authentication;
  • Weak permissions; and
  • Means of bypassing antivirus software.

Book a Remote Compromise Penetration Test

Infrastructure (network) penetration tests

Infrastructure tests probe for security flaws affecting your operating systems and network architecture, such as:

  • Servers and hosts;
  • Firewalls and wireless access points; and
  • Network protocols.

There are two types of tests: external and internal.

Certified Ethical Hacker (CEH) Course

External infrastructure (network) penetration tests

External infrastructure tests combine automated scans and manual assessments to examine the vulnerabilities that might allow external attackers to access your systems.

Book an external network penetration test

Internal pen test

Internal infrastructure (network) penetration tests

Internal infrastructure tests check for weaknesses in networks, operating systems, and other elements accessible to employees or contractors.

Learn more about internal network penetration tests

Social engineering and phishing tests

Social engineering involves attackers manipulating victims into compromising their security, transferring money or providing sensitive information. A social engineering penetration test will assess your staff’s susceptibility to phishing and other types of social engineering.

Certified Ethical Hacker (CEH) Course

Social engineering penetration tests

Social engineering penetration testing highlights vulnerabilities involving your employees and helps inform appropriate staff awareness training.

A Social Engineering Penetration Test will help you:

  • Establish the publicly available information that an attacker could obtain about your organisation;
  • Evaluate how susceptible your employees are to social engineering attacks; and
  • Determine the effectiveness of your information security policy and your cyber security controls at identifying and preventing social engineering attacks.

Book a Social Engineering Penetration Test

Phishing penetration tests

Phishing penetration tests

A Simulated Phishing Attack establishes your employees’ vulnerability to phishing emails and helps inform appropriate staff awareness training.

We send emails to your staff asking for sensitive information, such as usernames and passwords.

We will then assess their responses and create a report to help you understand where to focus staff training.

Book a Simulated Phishing Attack

Other penetration tests and scanning services

Certified Ethical Hacker (CEH) Course

Wireless network penetration tests

Wireless tests examine security vulnerabilities affecting your wireless networks, including:

  • Information leakage and signal leakage;
  • Encryption vulnerabilities, such as wireless sniffing and session hijacking; and
  • Weak access controls.

Book a Wireless Network Penetration Test

Web application test

Web application (software) tests

Web application tests identify security vulnerabilities introduced during the development or implementation of software or websites, including:

  • Assessing web applications for vulnerability to attacks, such as XSS (cross-site scripting);
  • Confirming the secure configuration of web browsers and identifying features that can cause vulnerabilities; and
  • Safeguarding web server security and database server security.

Book a Web Application Penetration Test

Cloud configuration penetration tests

Cloud configuration tests:

  • Identify vulnerabilities and security misconfigurations in the defined Cloud infrastructure;
  • Attempt to exploit any identified vulnerabilities;
  • Create an ordered list of issues and their associated risk; and
  • Provide remediation advice for identified vulnerabilities.

Book a Cloud Configuration Penetration Test

Certified Ethical Hacker (CEH) Course

Vulnerability scans

Vulnerability scanning is an automated process that identifies, but does not assess, security flaws in your systems that cyber criminals might exploit.

With a monthly subscription to our Vulnerability Scanning Service, you can:

  • Scan for thousands of vulnerabilities, helping you see precisely what criminal hackers can see;
  • Receive a detailed report that gives you a breakdown of all your weak spots that need attention;
  • Act quickly to fix your security weaknesses before criminal hackers find and exploit them; and
  • Run and rerun scans as often as you like each month.

Learn more about vulnerability scanning

Red Team Assessment

Red Team Assessment

A Red Team Assessment is an investigation of an organisation’s security and defence against cyber attackers. The ‘red team’ is composed of experienced penetration testers. They will use any methods at their disposal to non-destructively gain access to your networks, systems and information.

Simulating real attacks from a threat actor’s perspective can:

  • Provide an understanding of how an attacker sees your organisation and attack surface;
  • Establish clarity around all potential targets such as critical assets; and
  • Assess your detection and response capability.

Attack scenarios can be crafted to emulate specific types of threat actor. We use traditional and non-traditional techniques to test your resilience to intrusion, fraud, data extraction, internal threats, corporate espionage and physical attacks.

Book a Red Team Assessment

PCI ASV Scanning

PCI ASV Scanning

Protect customer data with our scanning solution to meet PCI DSS requirement 11.2.2. It features:

  • An easy-to-use, self-managed, web-based scanning portal;
  • Detailed remediation guidance on identified vulnerabilities;
  • Unlimited scanning of your network;
  • Executive, Detailed and Attestation PCI reports available to download from the portal; and
  • An online SAQ (self-assessment questionnaire) available to download from the portal.

Book PCI ASV scanning

Level 2 penetration testing

We offer a comprehensive testing service for organisations handling sensitive information that could have a critical impact if compromised.

Get a quick quote

Why choose IT Governance?

CREST-accredited testing

We are a CREST-registered company and our penetration tests are performed by a team of expert security testers. This demonstrates that we have up-to-date knowledge and the skills to address the latest vulnerabilities and techniques used by real attackers.;

Straightforward pricing

Our fixed-cost packages are ideal for small and medium-sized organisations, or those with little or no penetration testing experience.

Diverse experience and expertise

Our team has experience with the PCI DSS, ISO 27001, and the GDPR.
 

Tailored options

We can offer scoping support and expertise for organisations with complex objectives and complex environments.

Our penetration tests comply with the Microsoft Rules of Engagement

We limit penetration tests to Azure clients’ assets to avoid affecting their customers or infrastructure.

Companies using our penetration testing services

airbus logo

priory logo

Reevoo logo

collinson logo

LEARN
FOR LESS
SAVE 25%