Contact Us

Contact Us

Please get in touch using the form below

I prefer to be contacted by:
View our privacy policy
Learn how open source threat intelligence can be used to defend against cyber-attacks. Join our webinar on August 4th.

Overview

What is penetration testing?

Penetration testing, also known as pentest or pentesting, describes the assessment of computer networks, systems, and applications to identify and address security weaknesses.

Redscan is an award-winning provider of cyber security penetration testing services. Our range of CREST penetration testing engagements help organisations to effectively manage cyber security risk by identifying, safely exploiting, and helping to remediate vulnerabilities that could otherwise lead to data and assets being compromised by malicious attackers.

Fixes vulnerabilities before they are exploited by cybercriminals
Provides independent assurance of security controls
Improves awareness and understanding of cyber security risks
Supports PCI DSS, ISO 27001 and GDPR compliance
Demonstrates a continuous commitment to security
Supplies the insight needed to prioritise future security investments

Why Pentesting

Why your organisation needs a pen test

With threats constantly evolving, it’s recommended that every organisation commissions penetration testing at least once a year, but more frequently when:

  • Making significant changes to infrastructure
  • Launching new products and services
  • Undergoing a business merger or acquisition
  • Preparing for compliance with security standards
  • Bidding for large commercial contracts
  • Utilising and/or developing custom applications

Vulnerabilities

Common security vulnerabilities

Some vulnerabilities just can’t be detected by automated software tools. By identifying and exploiting vulnerabilities that evade automated online scanning assessments, and providing clear help and advice to remediate issues, Redscan’s ethical hacking and security penetration testing services enable you to understand and significantly reduce your organisation’s cyber security risk.

All Redscan’s CREST pen testing engagements are confidential and unlike real cyber-attacks,  are designed to cause no damage or disruption. A Redscan pentest will help identify vulnerabilities including:

Insecure configurations

We look for open ports, use of weak password credentials and unsafe user privileges, as well as deep configuration issues that can be exploited to achieve network access.

Flaws in encryption

We check that the encryption methods being used to protect and transmit data are secure enough to prevent tampering and eavesdropping.  

Programming weaknesses

We examine software source code to identify code injection and memory flaws that could lead to the exposure of data. 

Session management flaws

We test whether cookies and tokens used by software applications can be exploited to hijack sessions and escalate privileges. 

A range of security assessment services

Get a quick quote

Get in touch

Types of penetration test

Network infrastructure testing

Network infrastructure testing

Redscan rigorously investigates your network to identify and exploit a wide range of security vulnerabilities. This enables us to establish if assets such as data can be compromised, classify the risks posed to your overall cyber security, prioritise vulnerabilities to be addressed, and recommend actions to mitigate risks identified.

Wireless testing

Wireless testing

Unsecured wireless networks can enable attackers to enter your network and steal valuable data. Wireless penetration testing identifies vulnerabilities, quantifies the damage these could cause and determines how they should be remediated.

Application and API security review

Application and API security review

Vulnerabilities contained within software are commonly exploited by cybercriminals and are easily introduced by under-pressure programmers. Redscan’s ethical hackers conduct automated and manual penetration tests to assess backend application logic and software and API source code.

Remote working assessment

Remote working assessment

If your organisation is embracing mass remote working for the first time, it’s important to ensure that it is doing so securely. Ensure your networks, applications and devices are protected and fully secured with a custom remote working security assessment.

Web application security testing

Web application security testing

Web applications play a vital role in business success and are an attractive target for cybercriminals. Redscan’s ethical hacking services include website and web app penetration testing to identify vulnerabilities including SQL injection and cross-site scripting problems plus flaws in application logic and session management flows.

Social engineering

Social engineering

People continue to be one of the weakest links in an organisation’s cyber security. Redscan’s social engineering pen test service includes a range of email phishing engagements designed to assess the ability of your systems and personnel to detect and respond to a simulated attack exercise.

Mobile security testing

Mobile security testing

Mobile app usage is on the rise, with more and more companies enabling customers to conveniently access their services via tablets and smartphones. Redscan carries out in-depth mobile application assessments based on the latest development frameworks and security testing tools.

Firewall configuration review

Firewall configuration review

Firewall rule sets can quickly become outdated. Redscan’s penetration testers can detect unsafe configurations and recommend changes to optimise security and throughput.

Reporting and remediation

Providing the support needed to address your vulnerabilities

To improve your organisation’s security, it’s important to not just continually identify vulnerabilities but also take action to address them. Our penetration testers supply clear remediation advice to help better protect your systems.

Here’s what you can expect to receive post-assessment: 

  • A detailed outline of all risks identified 
  • The potential business impact of each issue 
  • Insight into ease of vulnerability exploitation
  • Actionable remediation guidance 
  • Strategic security recommendations 

What Our Customers Say

4.8/5 - based on 49 Reviews
“The penetration testing that Redscan performed provided some very credible findings and outlined clear improvements that we were able to implement. The whole process raised the bar of our cyber security defences.”
Head of Cyber Security
Specialist Bank
"Redscan gave us the professional service and quick turnaround that we needed to meet our tight deadlines."
IT Manager
EVIA (formerly WMBA)
“Redscan’s hands on approach identified security flaws that had previously been overlooked by other vendors.”  
Technical Operations Manager
Spread Betting Firm
"Should I need any security testing again in the future, Redscan would be my first port of call!"
Project Analyst/Developer
STM Life
“We have been very impressed by the quality of Redscan’s engagement, communication and reporting. We will not hesitate to use them for any future testing requirements.”      
Information Security Officer
White Oak (formerly LDF)
“Redscan has given us a third party stamp of approval for our IT security and the reassurance to know we are as secure as possible.”
IT Manager
EVIA (formerly WMBA)

FAQs

Frequently asked questions

What is a pen test?

A penetration test is a form of ethical cyber security assessment designed to identify and safely exploit vulnerabilities affecting computer networks, systems, applications and websites so that any weaknesses discovered can be addressed in order to mitigate the risk of suffering a malicious attack.

What's the difference between a pen test and vulnerability scan?

While a vulnerability scan uses only automated tools to search for known vulnerabilities, a penetration test is a more in-depth assessment. Pentesting utilises a combination of machine and human-driven approaches to identify hidden weaknesses.

Who performs a penetration test?

Penetration testing is conducted by Redscan’s experienced red team of CREST accredited ethical hackers who possess an in-depth understanding of the latest threats and adversarial techniques.

What are the steps involved in a pen test?

CREST penetration testing services use a systematic methodology. In the case of a blackbox external network test, once the engagement has been scoped, the pen tester will conduct extensive reconnaissance, scanning and asset mapping in order to identify vulnerabilities for exploitation. Once access to the network has been established, the pen tester will then attempt to move laterally across the network to obtain the higher-level privileges required to compromise additional assets and achieve the objective of the pentesting engagement.

How is a penetration test conducted?

Penetration testing utilises the tools, techniques and procedures used by genuine criminal hackers. Common blackhat methods include phishing, SQL injection, brute force and deployment of custom malware.

What penetration testing tools are typically used?

Redscan’s penetration testers don’t rely on automated scanning applications. To detect hidden and complex vulnerabilities, they leverage a range of open source and commercial pentesting tools to manually perform tasks such as network and asset discovery, attack surface mapping and exploitation.

How long does a pentest take?

The time it takes an ethical hacker to complete a pentest is dependent upon the scope of the test. Factors affecting duration include network size, if the test is internal or external facing, and whether network information and user credentials are shared with Redscan prior to the pentesting engagement.

How often should pen testing be carried out?

All businesses are advised to conduct a penetration test at least once a year, as well as after any significant upgrades or modifications to the company network. Given the rapid rate at which new exploits are discovered, Redscan recommends that quarterly tests are performed. Regular penetration tests are often required for compliance with regulations such as PCI DSS.

Why is it important to use a CREST pentesting company?

Redscan is a member of CREST, an international certification body for information security and pentesting. By choosing our CREST penetration testing services, you can be sure that all assessments will be carried out to the highest technical and ethical standards. Our CREST certified penetration testers hold a range of cyber security certifications, demonstrating their ability to perform many types of penetration testing.

What happens after the pen testing is completed?

After each engagement, the ethical hacker(s) assigned to the test will produce a custom written report, detailing and assessing the risks of any weaknesses identified plus outlining recommended remedial actions. A comprehensive telephone debrief is conducted following submission of the report.

Can a pentest be performed remotely?

Many types of penetration testing can be performed remotely via a VPN connection, however some forms of assessment, such as internal network pen tests and wireless pen tests, may require an ethical hacker to conduct an assessment on site.

Should I use the same penetration testing supplier?

Working with a single supplier can have its pitfalls, as over-familiarity with an IT environment can mean that some exposures may be overlooked. Choosing a partner like Redscan, that invests in offensive security and employs ethical hackers specialising in a wide range of penetration testing types, can help to significantly reduce this risk while offering the added benefit of being a long-term, go-to, partner for support and advice.

Will a pen test affect business operations?

A Redscan penetration test is conducted in accordance with the strictest legal, technical ethical standards. Tests are designed to identify and safely exploit vulnerabilities while minimising the risk of disrupting business operations.

How much does a pen test cost?

The cost of a pentest is based on the number of days our ethical hackers need to achieve an agreed objective. To receive a pen test quotation, you will need to complete a pre-evaluation questionnaire, although Redscan’s experts can help you with this.

Expertise

Our security qualifications

Our London based team of ethical hacking experts possess the skills and experience to identify the latest threats.

Methodology

Our penetration testing methodology

Redscan’s security penetration testing services are based on a systematic approach to vulnerability identification and reporting. Our advanced pentest methodology includes:

01. Scoping
02. Reconnaissance and intelligence gathering
03. Active scanning and vulnerability analysis
04. Mapping and service identification
05. Application analysis
06. Service exploitation
07. Privilege escalation
08. Pivoting
09. Reporting and debrief
01.

Scoping

We work with you closely to define all assets that fall within the scope of the pen test.

02.

Reconnaissance and intelligence gathering

We gather publicly available information using open source techniques (OSINT) to build intelligence that could be used to compromise your organisation.

03.

Active scanning and vulnerability analysis

We conduct a full assessment of network infrastructure and applications to obtain a complete picture of your organisation’s attack surface.

04.

Mapping and service identification

We research and gather detailed information about target systems.

05.

Application analysis

We perform an in-depth audit of applications residing on target hosts to identify security vulnerabilities to exploit.

06.

Service exploitation

We attack identified vulnerabilities to gain access to target systems and data.

07.

Privilege escalation

We attempt to compromise a privileged account holder, such as a network administrator.

08.

Pivoting

We use compromised systems as a mechanism to attack additional assets.

09.

Reporting and debrief

We provide a manually-written pentest report that includes an executive summary and recommendations about how to effectively address identified risks.

Why Redscan

A trusted partner for pen testing

  • One of the highest accredited UK pentesting companies
  • A deep understanding of how hackers operate
  • In-depth threat analysis and advice you can trust
  • Complete post-test care for effective risk remediation
  • Multi award-winning offensive security services
  • Avg. >9/10 customer satisfaction, 95% retention rate
Cyber Security Awards Winner 2019 logo

Get a Pen Test quote now

Complete the form for a prompt response from our team.

Get a Pen Test from the Redscan team

I prefer to be contacted by:
View our privacy policy

Resources

Discover our latest content and resources

From the blog
From the blog Case studies Latest news
13th July 2020
‘123456’ still the most popular online password

An analysis of over a billion breached credentials has revealed that one in every 142 people uses the password '123456', increasing their vulnerability to hackers.

7th July 2020
Significant rise in volume and size of fines for data breaches predicted
A new study has suggested that the number and value of fines for data breaches will increase dramatically between now and 2025. This is thought to be because employees have access to more data than ever before.
26th June 2020
One million phishing scams reported to NCSC in just two months
The UK’s National Cyber Security Centre (NCSC) has received one million reports of scam emails since launching its new reporting service in April. More than half of online scams reported were fake cryptocurrency investment lures.