Competitive pricing
Businesses of all sizes can benefit from a penetration test thanks to our competitive prices.
Complete range of penetration testing including app, network, infrastructure, cloud and much more.
A complete range of penetration testing customized to your exact requirements.
After your penetration test, your report will be hosted in our secure Defense.com platform. This will detail each vulnerability found during the test and provide remediation advice.
In addition to your PDF report, you can use Defense.com to quickly identify, prioritize, manage and remediate each threat, saving you time and resources.
Our comprehensive reports detail our findings, including remediation advice and guidance.
Our penetration testers are certified by globally recognized bodies such as CREST and OSCP.
Protect your business all year round with 12 months of free vulnerability scans as part of your pen test package.
Nick Fryer, CTO, Paymentsense
“We’ve always been very impressed with the cyber security services Defense.com™ provide to us. Their professional approach, knowledge and flexibility have ensured they have become a key trusted partner in our supply chain.”
Penetration testing, also known as pen testing, is a detailed test of your IT infrastructure security performed by specially trained and qualified ethical hackers – called penetration testers. Penetration tests simulate a real-world attack by a skilled hacker by methodically testing your applications and infrastructures for security weaknesses. Unlike a real attack, pen tests are conducted in an authorized, orderly and safe manner.
Penetration tests typically check for misconfigurations, outdated software and logical flaws. Pen testers will also look for ways to escalate privileges if they manage to gain access, making it important that even low-level systems are included in a pen test scope.
Penetration testing enables you to quickly find your security flaws, giving you the chance to fix them before a hacker exploits them. Penetration testing is highly beneficial to businesses of all sizes:
Regular penetration testing is a fundamental part of running a modern business. Cyberattacks increase steadily year-on-year across all markets and sectors, making pen testing a core consideration for businesses of all sizes.
In addition to keeping safe from cyber criminals, pen testing can help to increase customer confidence in your services. Regular penetration testing from a reputable provider such as Defense.com™ demonstrates that you take security seriously, which will prove to your existing and prospective customers that you can be trusted with their data.
There are many different types of penetration tests available. The scope of your test will depend on exactly what systems or applications you are looking to check. Here are some common types:
Infrastructure pen testing, also known as network pen testing, focuses on the hardware, firmware, and operating systems in your IT estate. This includes things like servers, network devices, and virtualized environments.
Application penetration tests focus on applications that are hosted on the underlying infrastructure, rather than the infrastructure itself. This could be web apps and APIs, or it could be mobile apps, such as iOS and Android penetration testing.
Cloud penetration testing audits the security of your cloud-based infrastructure, applications and services. AWS, Azure and GCP-hosted systems are the most commonly tested.
Internal infrastructure or authenticated application tests simulate the damage a malicious attacker could do if they were to breach your network perimeter or phish login credentials for an application. It’s a much more involved test, and also models the impact of a rogue employee or other insider threat.
External/unauthenticated
External infrastructure or unauthenticated application tests explore what damage a malicious hacker could achieve without privileged access. It’s a quicker test that models the more common ‘opportunistic’ type threat actor.
A Defense.com™ penetration testing engagement is split into several distinct stages:
This is where the scope is discussed and defined, and the ultimate goals of the pen test are analyzed and set. This stage will determine the types of testing activities and is essential for a professional and productive test outcome.
Having a good report is the key to getting good value from a penetration test engagement. Defense.com™ reports are split into Executive Summary and Technical Breakdown sections, and they include crucial remediation advice.
The detail in pen test reports should include:
It’s a good idea to seek a sample report before engaging a pen test provider – this way you’ll know what you can expect to receive. If a report is full of jargon and difficult to decipher, its use to you is limited. Defense.com™ follows best-practice standards for undertaking a pen test, including OWASP and PTES.
When defining a penetration test, it is important to define how much information is disclosed up-front, also known as the box color:
A black box test is where almost nothing is known about the target environment ahead of the test. Whilst this puts the tester in a similar position to a real-world hacker, it means precious test time is wasted on simple discovery tasks.
A white box test is where everything about the environment, possibly even the source code, is known by the pen tester ahead of the test. Whilst this has the potential to make for a very thorough test, it’s not reflective of a real-world hack, and can cause the scope to become diluted.
There’s also a third option; as the name implies, a gray box test is a mix of white and black box tests, where the pen tester has limited information about the target environment. This is a ‘best-of-both-worlds’ approach and often leads to tests with the best – and most cost-effective – outcomes.