[ The Process ]

Whether you’re new to penetration testing, or just weighing various options, no doubt you’re going to want to understand what the project will look like from start to finish, before you commit. The process can be made simple, and of course we’re here to help throughout the project and beyond.


The first stage is for us to sit down and discuss your requirements. One of our experienced cybersecurity consultants will explore your goals for the project and the specifics of what you would like testing, to agree a scope of work. Here we can run your through your options for testing and answer any questions that you might have about the different kinds of testing and their pros and cons.


We review the size and complexity of your project, provide a competitive quote, and agree a date for the work to take place. Shortly before the state date we’ll be in touch to gather any additional information needed for the engagement, such as test credentials and specific target IP addresses. We’ll double check that we’ve got everything we need ready for the start of the assessment.


During testing, we’ll run through our entire testing methodology to ensure every aspect of the system is assessed and as many vulnerabilities as is feasible are discovered. In short, this will involve application and functionality mapping, vulnerability discovery, safe exploitation of vulnerabilities, and documenting the steps to recreate any issue discovered. If we discover a critical risk vulnerability, we’ll notify you as soon as possible.


The report begins with an executive summary detailing what the actual risk to the business is in plain English. This is followed by the testing narrative which aims to give you the “story” of the assessment, and in particularly will explain to your technical team how the assessor approached the application, how they discovered the key vulnerabilities, and how they chained issues together to demonstrate the impact that was possible. This is followed by the technical analysis where all the issues found during the testing will be included within the report, in priority order to allow you to focus your resources on the most critical findings.

Post-engagement Debrief

Some customers are just looking for a report with technical findings, and for those, the project can end when the report is received. However, our support doesn’t  end with the report. There are several additional ways that we can help your team post-project. For example, we can present the report in a debrief meeting and give you the “assessors view” of the findings. We can also assist in putting together a board presentation of the assessment results to help your team keep the board informed of the organisational risk. Additionally, we can work with your team directly to ensure that they implement the most effective fix for each issue found during the test.

The key takeaway is that we’re here to help, whether you’re a growing company looking for their first penetration test or an experienced team looking to bring in an independent view of your system security, we will tailor our approach to your needs.





    Play Cover Track Title
    Track Authors