CREST Approved Penetration Testing Helps Identify Your Weaknesses

Our CREST Approved Penetration Test service is a CREST approved, regulated, full-scope, multi-layered attack simulation, orchestrated from the perspective of a malicious threat actor. It is designed to measure how well prepared your infrastructure, applications, people, processes and technologies are to defend against and withstand an attack from a real-life adversary, while uncovering potential risks and security vulnerabilities.

Penetration Testing is important for organisations of all sizes and the traditional style of penetration testing has done the job for many years. Now, however, a well-structured and scoped penetration test needs to be more than a simple point-in-time test.

The Next Generation of Penetration Testing

We offer our Next Generation of Penetration Testing as standard. Our service is built around a traditional Penetration Test that you can buy from one of our competitors. Our differentiator is that we go far beyond just that traditional penetration test. We provide, through our client portal, additional services that enhance your Penetration Test to provide that next generation of security testing coverage. But if you still need that single point-in-time, traditional penetration test, then we can still help.

Each pentest is consultant-led, with support from one of the project managers. The results and the consultant's narrative are uploaded to the client portal, where customers can interact with the findings rather than reading from a very large static report. You can also export the findings as CSV files, integrate the portal into Jira and download PDF reports.


Explore the Demo Portal

Use the link in the top right to log into the portal. The credentials are:

Username: demo@democlient.llc
Password: Demo-Password-2021

Our Penetration Testing Services

  • Infrastructure Penetration Testing

    Assess and measure your security posture through Infrastructure Penetration Testing to allow you to manage the identified issues.


  • Web Application Penetration Testing

    Assess your critical Web Applications for Security Vulnerabilities with a Web Application Penetration Test.


  • Remote Working Assessments

    Assess the configuration of your VPN Security to ensure a misconfiguration or vulnerability is not allowing external access to your corporate network.


  • Phishing & Social Engineering

    Research, develop and manage an assessment of the security of your people and processes utilising the latest techniques in Penetration Testing.


  • IoT Penetration Testing

    Assess the security and configuration of your IoT devices to allow you to embrace secure IoT operations in your organisation.


  • Cyber Security Health Check

    Assess, and secure, all the technology deployed within your organisation in a root to branch Cyber Security Health Check.



Different Types of Penetration Testing

We provide all the common types of penetration testing. If you need something not listed below, just get in touch.

  • Cyber Security Health Check


    A Cybersecurity Health Check is essential in establishing a solid foundation upon which to build your cybersecurity infrastructure. It will help you identify your weakest security areas and will recommend the appropriate actions to mitigate any potential risks that we discover. A cyber health check will provide you with a detailed report describing your current cyber risk status and will leverage best practices, like ISO 27001, CIS 20 Critical Controls and NCSC guidance, to provide recommendations for reducing your overall cyber risk footprint. Ultimately, the health check is all about helping you to uncover your cybersecurity weak spots before the attackers do.

    Why is it important

    Understanding where your weaknesses exist is key to ensuring solid cyber security coverage for your business or organisation. With the Hedgehog Cyber Security Health Check you will understand where your weaknesses exist and how to best leverage your existing technology to deal with them.

  • Embedded / IoT Device Testing


    Embedded and IoT devices are becoming more commonplace within businesses and many potential purchasers are starting to look for comfort around the security of the devices. Making sure that these IoT (internet of things) devices are correctly maintained and secured is critically important to all businesses. Our Embedded and IoT Device testing service will put your system through a comprehensive set of more than 200 tests to ensure that it is fully hardened and secured. Please see the conditions section below for more information on what is included.

    Why is it important

    Our testing service identifies vulnerabilities and security weaknesses that are present within your IoT device. We test for weaknesses and vulnerabilities that often originate from poor hardware configurations, ineffective system configuration parameters and weak security system controls.

    Our Embedded and IoT device penetration testing service will help you:

    • Gain real-world insight into your vulnerabilities;
    • Identify any missing patches;
    • Identify weak configurations;
    • Harden software and systems; and
    • Identify inappropriate services that increase your exposure.

    What the test entails

    We will perform a complete infrastructure-level penetration test following the OSSTMM (Open Source Security Testing Methodology Manual) and PTES (Penetration Testing Execution Standard) methodologies. These methodologies ensure we identify any weaknesses that could allow an attacker to compromise the network, the data stored within it, or the devices hosted.

    One of our CREST-certified testers will perform your penetration test. The test will:

    • Conduct a series of automated vulnerability scans;
    • Carry out a range of manual tests using a methodology closely aligned with the OSSTMM and PTES methodologies;
    • Conduct a number of physical, hardware-based attacks;
    • Provide immediate notification of any critical vulnerabilities to help you act quickly;
    • Produce a detailed report that identifies and explains the vulnerabilities prioritised by the risk posed to your business, not based on CVSS scores;
    • Identify a list of recommended countermeasures to address any identified vulnerabilities; and
    • Include an executive summary that explains what the risks mean in business terms.

  • Internal Infrastructure Penetration Test

    Your IT infrastructure and connected systems are the nervous system of your business. Making sure that they are maintained and healthy is critically important to all businesses.

    Why Infrastructure Penetration Testing is Important

    Our Infrastructure Penetration Test identifies vulnerabilities and security weaknesses that are present within your networks and connected systems. Internal infrastructure-related weaknesses and vulnerabilities often originate from poor hardware configurations, ineffective system configuration parameters and weak security system controls. Criminals exploit these through malware, phishing and social engineering attacks to gain access to previously private resources.

    Our Infrastructure penetration testing service will help you:

    • Gain real-world insight into your vulnerabilities;
    • Identify any missing patches;
    • Identify weak configurations;
    • Harden software and systems; and
    • Identify inappropriate services that increase your exposure.

    What an Infrastructure Penetration Test Entails

    We will perform a complete infrastructure-level penetration test following the OSSTMM (Open Source Security Testing Methodology Manual) and PTES (Penetration Testing Execution Standard) methodologies. These methodologies ensure we identify any weaknesses that could allow an attacker to compromise the network, the data stored within it, or the devices hosted.

    One of our CREST-certified testers will perform your penetration test. The test will:

    • Conduct a series of automated vulnerability scans;
    • Carry out a range of manual tests using a methodology closely aligned with the OSSTMM and PTES methodologies;
    • Provide immediate notification of any critical vulnerabilities to help you act quickly;
    • Produce a detailed report that identifies and explains the vulnerabilities prioritised by the risk posed to your business, not based on CVSS scores;
    • Identify a list of recommended countermeasures to address any identified vulnerabilities; and
    • Include an executive summary that explains what the risks mean in business terms.

    Our SMB Package

    Our small business package will test your internal network of up to 20 workstations:

    • Testing of 20 workstations using the OSSTMM methodology.
    • Live test progress via our Pentesting as a Service portal.
    • Completed in 2 days.
    • Testing performed via our testing appliance which will be sent out to you prior to the test start date.
  • Mobile Applications

    Mobile Application Penetration Testing

    Your mobile applications are an extension of your business in the hands of your clients. Mobile Application Penetration Testing is all about testing those apps. Making sure that your mobile applications are well secured and conform to all of the current data protection legislation is paramount. It is equally important to make sure that the endpoints your mobile applications talk to are well secured, so attackers are not able to access sensitive data from them.

    Our mobile application testing package will test one Android or Apple mobile application from three perspectives. We will test the static application and look for code weaknesses. We will test the application in a dynamic form, as a user would use it, and look for business logic and procedural security weaknesses. Finally, we will test the endpoints that the mobile application communicates with to ensure that they are fully secured.

    Why is it important

    Our Mobile Application Penetration Test identifies vulnerabilities and security weaknesses that are present within your mobile application and the systems that it communicates with. Weaknesses and vulnerabilities often originate from poor coding practices, hardware interactions, ineffective system configuration parameters and weak security system controls.

    Our mobile application penetration testing service will help you:

    • Gain real-world insight into your vulnerabilities;
    • Identify any missing patches;
    • Identify weak configurations;
    • Harden software and systems; and
    • Identify inappropriate services that increase your exposure.

    What the test entails

    We will perform a complete infrastructure-level penetration test following the OSSTMM (Open Source Security Testing Methodology Manual) and PTES (Penetration Testing Execution Standard) methodologies. These methodologies ensure we identify any weaknesses that could allow an attacker to compromise the network, the data stored within it, or the devices hosted.

    One of our CREST-certified testers will perform your penetration test. The test will:

    • Conduct a series of automated vulnerability scans;
    • Carry out a range of manual tests using a methodology closely aligned with the OSSTMM and PTES methodologies;
    • Provide immediate notification of any critical vulnerabilities to help you act quickly;
    • Produce a detailed report that identifies and explains the vulnerabilities prioritised by the risk posed to your business, not based on CVSS scores;
    • Identify a list of recommended countermeasures to address any identified vulnerabilities; and
    • Include an executive summary that explains what the risks mean in business terms.

    All testing is performed from our offices and will require you to supply the application code. We are unable to download the code and test using the versions from the app stores.

  • Phishing and Social Engineering

    Social Engineering

    Your people are the core, the heart of your business. While many of the services we offer are tailored to the IT systems, our Social Engineering service is where we test the people in the business. Our small business social engineering package will test your people for one day. We will be looking to see if we can get any of your employees to carry out an action for us that could lead to our team gaining access to your systems. Please see the conditions section below for more information on what is included.

    Why is it important

    Your people are the heart and soul of your business. More than 80% of successful attacks that result in data breaches have an element of social engineering within them. By conducting social engineering tests, you become aware of the flaws in your human factor security. You can then address these appropriately.

    What the test entails

    We will spend a day making phone calls and sending emails and instant messages to your staff in order to garner credentials or have them perform an action for us.

  • Remote Access & VPN Penetration Test


    Remote working became a necessity in 2020 because of the COVID-19 pandemic. Every business implemented a level of remote working to keep the lights on. Businesses must now contend with both a pandemic and cybercrime. Due to the rise in cybercrime, it is now more imperative than ever to understand how secure your systems are. Despite this, allowing employees to work remotely offers businesses considerable benefits. In 2020 it allowed businesses to continue to function. Many companies that had previously not permitted remote working were now mandating it.

    Why is it important

    Remote access solutions, by their very definition, introduce gaps in the traditional model of IT security. That is their purpose. They can also leave the organisation's logical perimeter porous. These are the gaps that criminals seek out to exploit and could prove to be a significant vulnerability.

    Through penetration testing, you can learn where the gaps, weaknesses and holes in the current remote access solution exist. Our Remote Access Penetration Testing service will help you to:

    • Get a real-world insight into your vulnerabilities and configuration weaknesses;
    • Identify the most likely path for an attack;
    • Highlight any places where the target systems could be leaking sensitive data;
    • Implement better and stronger authentication and session management controls; and
    • Significantly improve access control.

    What the test entails

    Our CREST-certified penetration tester shall conduct an unauthenticated test of your externally facing remote access solutions.

    Your remote access solution may be technologies such as Citrix, Terminal Services, Remote Desktop Services, or traditional VPNs. Our testers use a combination of web application and infrastructure tests to identify any vulnerabilities and security weaknesses within the target systems.

    Your penetration tester will:

    • Review the target environment to assess your network and identify information that would be useful to a hacker;
    • Carry out a series of automated vulnerability scans;
    • Perform a range of manual tests using a methodology closely aligned with the OSSTMM (Open Source Security Testing Methodology Manual);
    • Immediately notify you of any critical vulnerabilities to help you act quickly;
    • Produce a detailed report that identifies and explains the vulnerabilities, ranked in order of significance;
    • Make recommendations on countermeasures to address any identified vulnerabilities; and
    • Provide an executive summary that explains what the risks mean in business terms.

  • Web Applications

    Web Application Penetration Test

    Your public-facing connected systems are open to the world. On today's internet, over half of all the network traffic is not human. More than 11% of network traffic has a malicious nature. Coupled with 37.2% of all website traffic being bot related, it means you are almost certainly in a state of continual attack.

    Why is it important

    Our Web Application Penetration Test identifies vulnerabilities and security weaknesses that attackers use to compromise your web application's security. Maintaining the security of modern and historic web applications is crucial in today's connected world. Traditional firewalls and other security controls bolster your security. However, web applications with poor security were the single most significant cause of data breaches in 2020.

    Our Penetration Testing service for your Web Application will help you to:

    • Demonstrate how your web application aligns with the OWASP security controls;
    • Understand where vulnerabilities and widespread patterns exist;
    • Improve access control and find functions that are leaking sensitive data;
    • Improve access, authentication and session management controls; and
    • Identify where input validation is failing.

    What the test entails

    We will perform a penetration test of your web application to identify weaknesses, vulnerabilities and information that would be useful to a hacker. For this test, we will:

    • Help scope your web application to establish the exact extent of the testing exercise;
    • Run a series of automated vulnerability scans against the web application;
    • Perform a range of manual tests closely aligned with the OWASP methodology;
    • Immediately notify you of any critical vulnerabilities to help you take action quickly;
    • Provide you with a detailed report that identifies and explains the vulnerabilities (ranked in order of significance); and
    • Include within your test report a list of recommended countermeasures to address any identified vulnerabilities.

  • Wireless Penetration Testing

    Wireless Testing

    Over recent years, wireless networks have become more prevalent than wired networks. In this post-Covid age, many businesses rapidly implemented extended wireless to facilitate better IT working. Making sure your wireless networks are secured is critically important to all businesses.

    Why is it important

    Our wireless penetration testing service identifies vulnerabilities and security weaknesses that are present within your wireless networks. Wireless infrastructure-related weaknesses and vulnerabilities often originate from poor hardware configurations, ineffective system configuration parameters and weak security system controls. Criminals exploit these through malware, phishing and social engineering attacks to gain access to previously private resources.

    Our wireless penetration testing service will help you:

    • Gain real-world insight into your vulnerabilities;
    • Identify security weaknesses in your 802.11 wireless networks;
    • Check and test for sub-1 GHz wireless networks such as door entry systems;
    • Check for rogue wireless devices;
    • Identify any missing patches;
    • Identify weak configurations;
    • Harden software and systems; and
    • Identify inappropriate services that increase your exposure.

    What the test entails

    We will perform a complete wireless penetration test following the OSSTMM (Open Source Security Testing Methodology Manual) and PTES (Penetration Testing Execution Standard) methodologies. These methodologies ensure we identify any weaknesses that could allow an attacker to compromise the network, the data stored within it, or the devices hosted.

    One of our CREST-certified testers will perform your penetration test. The test will:

    • Carry out a wireless survey of your environment;
    • Conduct a series of automated wireless vulnerability scans on sub-1 GHz, 2.4 GHz and 5 GHz frequencies;
    • Carry out a range of manual tests using a methodology closely aligned with the OSSTMM and PTES methodologies;
    • Provide immediate notification of any critical vulnerabilities to help you act quickly;
    • Produce a detailed report that identifies and explains the vulnerabilities prioritised by the risk posed to your business, not based on CVSS scores;
    • Identify a list of recommended countermeasures to address any identified vulnerabilities; and
    • Include an executive summary that explains what the risks mean in business terms.

Certification

Hedgehog Security places great emphasis on the quality, reliability, and security of the services it offers. We are fully regulated by CREST, the Council for Registered Ethical Security Testers, and are authorised to deliver Penetration Testing, Vulnerability Scanning and IT Health Checks.
