Penetration Testing

Testing your cyber security controls to uncover the open doors and defending you against real-world hacking threats - with our CREST-certified pen testing services.

Uncover the open doors in your cybersecurity defences

Our experienced CREST-certified pen testing professionals attempt to breach your security controls and gain unauthorised access to your business data – using the same techniques a hacker would use.

In addition to CREST certified traditional & manual penetration testing services, Comtact also delivers an automated solution, allowing your business to run daily pen tests with a click of a button.

What’s involved in a penetration test?

Network penetration testing (external)

Reveal real-world exploitable vulnerabilities on systems, services & applications exposed to the internet.

Network penetration testing (internal)

Whether an attacker with access to internal systems or a rogue employee, understand your internal network risks.

Web application penetration testing

Identify vulnerabilities on your web applications which could lead to unauthorised access or data exposure.

Simulated phishing and social engineering

Assess and understand your susceptibility to human manipulation via email, phone, media drops, and physical access

What does a network penetration test involve?

Using the same techniques a hacker would use – but with a defined and controlled methodology, our skilled pen testers use the full range of strategies in their toolkit to replicate a ‘real-world’ cyber attack – a highly effective test of your security defences.

After gathering intelligence from publicly available sources to identify opportunities and vulnerabilities to exploit we would attempt to exploit identified vulnerabilities to confirm the risk to your organisation.

What are the goals of a penetration test?

To determine feasibility of a particular set of attack vectors, identify any vulnerabilities which are present, identify vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software, and assess the potential business and operational impacts of successful attacks.

What is Black box and White box pen testing?

Black box: A penetration test performed without any influence or direction from the business on what vectors to attack.

White box: A penetration test performed according to pre-determined guidelines set out by the client.

Grey box: A penetration test performed with partial guidance, like a map of the network, but where other aspects must be achieved during the project, like administrative access.

Automated Penetration Testing

The largest benefit of automated pen-testing is that it removes the risk of your manual pen test being out of date when new users, devices and applications are added to the network – potentially introducing new risks and vulnerabilities. Manual pen-testing is time consuming, automating it ensures you can validate your cybersecurity posture whenever you need to.

Request a sample penetration test report

Summary: Overview of key threats and business risks, in a high-level format suitable for non-technical Directors.

Technical: Outlines the steps taken by Comtact’s testers to breach the network/defences, remediations and supplemental information suitable for IT teams.

Risk scoring: Report includes a vulnerability scoring system to rate issues discovered, based on severity.

Remediation & next actions: Recommendations and guidance on the steps necessary to remediate discovered issues.