Infrastructure Penetration Testing

Although many services migrating to the cloud, infrastructure penetration testing remains vitally important. Every day new vulnerabilities are released and often these are centered on the infrastructure stack. Hedgehog Cyber delivers leading edge infrastructure penetration testing for  service providers as well for the clients that use these services as a core part of our penetration testing offerings.

Benefits of Infrastructure Penetration Testing

The benefits of an infrastructure penetration test are increased technical assurance, and better understanding of the attack surface that your systems are exposed to. Infrastructure services, whether they are a physical or virtual infrastructure platform, are prone to security misconfigurations, weaknesses, and security threats.
By engaging with Hedgehog Cyber to perform your infrastructure penetration test, you will get:
  • A better understanding of your infrastructure. What services do you have exposed? What systems do you expose to the public?
  • A detailed report on any common security misconfigurations along with our recommendations for how to secure your cloud configuration.

The increased assurance will come from the fact that that you will gain visibility of the security weaknesses of your infrastructure. You will be able to verify what services and data are publicly accessible, what security controls are in effect, and how effectively these are mitigating your security risk.

Infrastructure Penetration testing Quote

Use our online quote generation service to design and build your perfect penetration test and receive a formal quote within hours, not days.


Although businesses are now able to enhance their security through cloud and traditionally deployed security solutions and controls, you are ultimately responsible for securing your company’s security. According to the 2019 State of Cyber Security Report, the top security challenges highlighted are about data loss and data privacy. This is followed by compliance concerns, tied with concerns about accidental exposure of credentials.

Infrastructure Configuration Review is an assessment of your configuration against the accepted best practice of industry benchmarks. A report is produced with a summary table showing the benchmarks and whether you are following the best practice, with individual technical findings breaking the findings down in more detail, as well as detailed explanations and remediation advice.

Infrastructure Penetration Testing (infrastructre pentesting for short) involves a mixture of external and internal penetration testing techniques to examine the external posture of the organisation. Examples of vulnerabilities determined by this type of active testing can include unprotected storage blobs and S3 buckets, information leakage through DNS, open servers with management ports open to the internet and poor egress controls.

Infrastructure Testing, whether a configuration review, a penetration test, or both, focuses primarily around examining the protection on these key areas:

  • Enumeration of external attack surface – Identify all possible entry points into the environment – Remote Desktops, Management Applications, Web Applications, Storage Blobs, S3 Buckets, SQL/RDS Databases, VPNs, etc.
  • Authentication and Authorisation Testing – Ensure the users within the environment operate on a Principle of Least Privilege, are protected by robust multi factor authentication policies, as well as ensuring that known ‘bad passwords’ are prohibited from being used.
  • Storage and Databases – This area of testing will examine storage blob permissions and those of subfolders, ensuring that only authenticated and authorised users can access the data within. Examination of databases (either on virtual machines running SQL Server, or running internal systems) for security best practices is also covered.

Threats for 2020

  • Unauthorised Access
  • Insecure Interfaces and API's
  • Misconfiguration
  • Account Hijacking
  • Data Leakage
  • Malicious Insiders
  • Malware

Buy Online

For the small business we have three test packages. Of course, these will not suit everyone so if these do not suit, please us the online quote generation service to build your perfect penetration test.

SMB Server

All in one server testing
£ 450
plus VAT
  • Testing 1 asset
  • Ideal for cPanel
  • PTES Methodology
  • CREST Approved
  • with Certificate of Test

SmB Network

Up to 10 assets
£ 950
plus VAT
  • Up to 10 assets to test
  • Server and Network Testing
  • Workstation Testing
  • CREST Approved
  • with Certificate of Test

SMB Network+

Up to 10 assets with fixes
£ 1900
plus VAT
  • All from SMB Network
  • Fix all Critical Issues
  • Fix all High Issues
  • Includes the Retest
  • Post Retest Certificate

Why Hedgehog?

Our team consists of OSCP and CREST CRT certified experts. Our experienced consultants frequently publish research on all aspects of Penetration Testing.

Penetration Testing News

Scroll to Top