Infrastructure Penetration Testing

Infrastructure Penetration Testing helps Identify your weaknesses

Infrastructure Penetration Testing service. The Hedgehog infrastructure pentest service is a CREST approved, regulated, full-scope, multi-layered attack simulation, orchestrated from the perspective of a malicious threat actor, designed to measure how prepared your infrastructure and technology can defend and withstand an attack from a real-life adversary, while uncovering potential risks and security vulnerabilities.

Infrastructure Penetration Testing

Infrastructure Penetration Testing is important for organisations of all sizes. The traditional style of penetration testing has done the job for many years but it is time for change. Hedgehog delivers CREST Defensible Penetration Testing as standard. Our Infrastructure penetration tests are well structured, with thorough scopes. Our testing meets the tests of external auditors as a true, exact penetration test.

Penetration Testing Process

Scope: Every infrastructure penetration testing engagement starts with a scope. The scope is built by our most senior testers. These testers are CISSP, OSCP and CREST CRT qualified. The agreed scope is then turned into a worksheet and assigned to one of our three pentest teams.

Test: Each team is led by a seasoned team leader. It is their job deliver a complete test and ensure that all 422 infrastructure testing checks have been completed.

Signoff: Once testing is completed, the report and all of the test data is reviewed by our CISO for signoff. Once it is signed off, it is delivered by our secure testing portal.

Parts of an Infrastructure Penetration Test

There are two components to delivering our Penetration Testing service, Internal and External assessments. It is commonplace to combine these into a single Penetration Test that covers both the internal and external components of the network.

Internal Penetration Test

Our Internal Infrastructure Pentest service is performed by a qualified Infrastructure penetration tester. They will either be onsite within your corporate network or testing via one of our appliances.

This type of Internal Penetration Test looks for security issues and vulnerabilities on the inside of your corporate network. The test is performed with the same physical access as a member of staff or other types of employee who has access to the building or via a VPN.

This Infrastructure Penetration Testing Assessment provides a very comprehensive view of the configuration of your corporate network devices and servers from a security viewpoint of an insider, connected to your network.

External Penetration Test

Our External Infrastructure Pentest service is performed by a qualified Infrastructure security consultant who is onsite within your corporate network.

This type of assessment is concerned with assessing the external, Internet-facing infrastructure of your corporate network. This could be your Firewall, VPN endpoints, Web Servers or Mail Servers etc.

The level of access to these resources would be the same as an external hacker trying to break into your corporate environment so this assessment provides you with a real risk indicator as to your external security posture.


A typical infrastructure penetration test for a single /24 network takes two to three days to run with a typical price of £2850.00.

Talk To A Security Specialist

Book a free consultation with a security specialist to discuss your current concerns or security requirements.

Hedgehog Security needs the contact information you provide to us to contact you. You may unsubscribe from these communications at any time.  By clicking "Request Callback" below you agree for us to store and process your data.  For information on how to unsubscribe please review our Privacy Policy.

Infrastructure Penetration Testing Brochure

Vulnerability Assessment vs Penetration Testing

Hedgehog offers vulnerability assessment and penetration testing services that can be used to identify vulnerabilities in an organisation’s network. Both of these services differ from each other in the level of detail that they provide, due to the amount of effort and associated cost that is required.

Vulnerability Assessment

A vulnerability assessment provides a high-level overview of the vulnerabilities that may be present to an attacker who has gained access to your network. This automated assessment provides a cost-effective solution for organisations who want to quickly identify potential security vulnerabilities on their network – without going into the same level of detail as a manual penetration test.

Penetration Testing

Having a manual penetration test conducted on your network, simulates the same approach and skillset that would be used by an attacker in a real-life scenario. During the pen test, our CREST-accredited consultants will perform a rigorous and targeted assessment of your network, with the ultimate goal being to achieve administrative access to your servers and workstations. Based on the results of an initial vulnerability assessment, specific manual tests are performed which replicate a real-life cyber-attack using the very latest exploits and attack vectors.

You can find out more about our infrastructure testing services in the links below:







Infrastructure Pentesting Methodology

Hedgehog Security’s infrastructure penetration test service utilizes a risk-based approach to manually identify critical application-centric security flaws in all in-scope networks, appliances and applications. Our infrastructure pentest service combines the results from industry-leading scanning tools with manual testing to enumerate and validate vulnerabilities, configuration errors, and business logic flaws. In-depth manual application testing enables us to find what scanners often miss.

Using this approach, Hedgehog Security’s comprehensive Infrastructure Penetration Test covers the classes of vulnerabilities outlined in the SANS Top 20 Critical Security Controls for Effective Cyber Defense and beyond:

  • Inventory of Authorized and Unauthorized Devices.
  • Inventory of Authorized and Unauthorized Software.
  • Secure Configurations for Hardware and Software.
  • Continuous Vulnerability Assessment and Remediation.
  • Controlled Use of Administrative Privileges.
  • Maintenance, Monitoring, and Analysis of Audit Logs.
  • Email and Web Browser Protections.
  • Malware Defenses.
  • Limitation and Control of Network Ports, Protocols, and Services.
  • Data Recovery Capability.
  • Secure Configurations for Network Devices.
  • Boundary Defense.
  • Data Protection.
  • Controlled Access Based on the Need to Know.
  • Wireless Access Control.
  • Account Monitoring and Control.
  • Security Skills Assessment and Appropriate Training to Fill Gaps.
  • Application Software Security.
  • Incident Response and Management.
  • Penetration Tests and Red Team Exercises.

Our infrastructure penetration testing methodology is a consistent process based on industry-standard practices used for each infrastructure pen test we perform. Experience has shown our clients and us that our proven infrastructure penetration testing methodology works.

Explore the Demo Portal

Use the link in the top right to log into the portal. The credentials are:

Password: Demo-Password-2021

Remote Infrastructure Penetration Testing

Traditionally, Infrastructure Penetration Tests have been conducted onsite where a our consultant would visit your office and physically connect to the network infrastructure to perform the assessment. With the issues faced around the Coronavirus situation, we have released our client portal, a technology-led alternative to having a consultant visit site.

We are offering a Remote Infrastructure Penetration Test where the whole engagement is performed without the need to visit the customer site. You can either download a Virtual Machine image that can be installed within the corporate network or be shipped a standalone network appliance.

Both solutions create a secure channel to the Hedgehog Security Operations Center where the assigned consultant can then command the image or appliance in the same way as they would if they had their laptop on site.

All data collected during the test is held securely at our ISO27001 certified Security Operations Centre allowing the consultant to perform the assessment and upload the results to the client portal