Know your exposure before an attacker does.
Offensive security assessments delivered by CEH-certified engineers — network penetration testing, vulnerability scanning, web application assessment, social engineering, wireless testing, firewall evaluation, and security posture review. Every engagement produces an executive briefing and a findings report with remediation recommendations.
One-time project engagements. Scoped to your environment and asset count. Remediation is separate — scoped from the report findings.
Ask yourself
Which of your externally facing assets are visible to an attacker right now?
When were your web applications last tested against current attack techniques?
Could an attacker move laterally inside your network without triggering an alert?
Do you have a written record of your security posture to show clients or auditors?
Would your staff spot a fake invoice, malicious attachment, or spoofed login?
Assessment Types
Eight engagements. One point of contact.
Each assessment is a distinct scope with its own deliverables. Order one or combine multiple. Scoped individually to your environment.
External Network Penetration Test
External IP addresses
Simulates an outside attacker attempting to breach your perimeter. Engineers footprint your environment, scan external-facing systems, and attempt to exploit identified vulnerabilities.
Footprint and reconnaissance of external environment
Vulnerability scan across all external-facing IPs
Attempted exploitation of identified vulnerabilities
Executive briefing and final report with remediation recommendations
Internal Network Penetration Test
Internal IP addresses
Simulates a threat that has already gained access to your internal network — an insider, a compromised credential, or lateral movement from an initial breach.
Internal network scan and vulnerability identification
Attempted exploitation from inside the network perimeter
Lateral movement and privilege escalation testing
Executive briefing and final report with remediation recommendations
Web Application Vulnerability Assessment
URLs / web applications
Identifies vulnerabilities in your web applications by simulating an external attacker. Tests include SQL injection, cross-site scripting, cross-site request forgery, buffer overflows, and weak authentication.
Authenticated and unauthenticated testing against provided URLs
Exploitation attempts using manual and automated toolsets
Vulnerability analysis covering OWASP top categories
Executive briefing and final report with source-level remediation recommendations
Vulnerability Scan Assessment
External or internal IP addresses
Identifies vulnerabilities across your IP ranges without attempting to exploit them. Lower cost than a penetration test — designed for broader IP coverage or regular scanning between full pen tests.
Automated and manual scanning across provided IP addresses
Vulnerability identification with risk prioritisation
No exploitation attempted — findings only
Executive briefing and final report with remediation recommendations
Cybersecurity Posture Assessment
Organisation-wide — interview + questionnaire
Evaluates your security controls against the CIS Critical Security Controls framework. A pre-interview questionnaire followed by a one-hour interview with C-level management and your IT representative.
Pre-interview questionnaire covering critical security control areas
One-hour structured interview with C-level and IT stakeholders
Analysis of collected data against CIS Critical Security Controls
Final report identifying risks and recommendations by control area
Wireless Network Penetration Test
SSIDs / wireless networks
Scans and attempts to exploit vulnerabilities in your wireless SSIDs — including brute force and exploit-based access attempts. Optional wireless controller configuration review available.
Vulnerability scanning across provided SSIDs
Exploitation attempts via manual and automated toolsets
Optional wireless controller configuration review against best practices
Final report with findings and remediation approach
Social Engineering Assessment
Employees — email and/or phone
Tests your employees' response to phishing emails and vishing phone calls. Tracks who clicks, who divulges sensitive information, and produces a report on your human security exposure.
Customised spear phishing email campaign to specified employees
Vishing phone call campaign with scripted social engineering scenarios
Tracking of employees who click, respond, or divulge sensitive information
Final report with findings and awareness recommendations
Firewall Rules Evaluation
Firewall configuration files
Analyses your firewall configuration against industry best practices — identifying unused rules, policy violations, PCI DSS compliance gaps, and opportunities to consolidate or re-order rules for improved performance.
Configuration analysis against CIS, PCI DSS, NIST, and ISO 27001 requirements
Identification of unused, redundant, or conflicting rules
Policy violation and compliance gap documentation
Final report with prioritised remediation recommendations
Know What You're Buying
Penetration test vs. vulnerability scan — not the same thing.
The most common source of confusion in security assessments. Understanding the difference determines which engagement fits your situation.
More thorough
Penetration Test
Identifies vulnerabilities and then attempts to exploit them to demonstrate actual access. Shows what an attacker could actually achieve — not just what vulnerabilities exist.
Confirms whether a vulnerability is actually exploitable
Demonstrates real-world impact — what an attacker gains
Required by PCI DSS, HIPAA, and SOC 2 annually
More labour-intensive — priced per IP or per scope
Broader coverage
Vulnerability Scan
Identifies vulnerabilities without attempting to exploit them. Lower cost — suited for larger IP ranges or regular scanning between full penetration tests.
Broader IP coverage at a lower cost per address
Identifies what exists — exploitation not included
Suitable for regular scanning cadence between pen tests
Priced by IP address count — scales across larger environments
Not sure which you need? Many engagements combine both — a vulnerability scan across a broader IP range with a targeted penetration test on the highest-risk systems. We scope the right combination at the kickoff call.
How It Works
Five phases from scoping to sign-off.
Every assessment follows this sequence. No work begins without a kickoff call — no engagement closes without your sign-off.
Scoping
We confirm the assessment type, collect required inputs — IP addresses, URLs, SSIDs, or employee lists — and schedule the kickoff call with your stakeholders.
Assessment type confirmed
Required inputs collected
Kickoff call scheduled
Kickoff
Kickoff call with your team — roles confirmed, start dates set, schedule agreed, and project completion requirements documented. No work begins without this call.
Stakeholders identified
Schedule and milestones agreed
Communication plan established
Execution
CEH-certified engineers execute the assessment using a mix of manual and automated toolsets. For penetration tests, exploitation is attempted only on identified vulnerabilities — no data is read, written, or modified.
Assessment executed per agreed scope
Vulnerabilities identified and documented
Exploitation results logged
Analysis & Report
All collected data is analysed. The final report is produced — documenting every vulnerability found, exploitation results, risk prioritisation, and specific remediation recommendations.
Final report produced
Executive briefing prepared
Password-protected PDF delivered
Sign-Off
Report delivered to your team. You have 5 business days to review and respond. We can coordinate a call to walk through findings and remediation priorities.
Report delivered and reviewed
Findings walkthrough available
Engagement closed
Deliverables
Every engagement. Same standard of delivery.
Regardless of assessment type, every engagement closes with the same set of deliverables — executive briefing, final report, and remediation recommendations.
Executive Briefing
A summary of findings presented at a level appropriate for C-level and business stakeholders — what was tested, what was found, and what needs to happen.
Final Report
Full technical documentation of every vulnerability identified, exploitation outcomes, risk prioritisation, and specific remediation recommendations.
Remediation Recommendations
Prioritised, actionable recommendations for each finding — what to fix, in what order, and how. Remediation itself is a separate engagement scoped from the report findings.
Password-Protected Delivery
All reports and presentation materials delivered as password-protected PDF documents — findings are sensitive and handled accordingly.
Who This Is For
Real situations. Real exposure.
Businesses that need to understand their security posture — for compliance, for insurance, or simply because they haven't tested it.
Healthcare Provider — HIPAA Compliance
Multi-location clinic required to demonstrate network security controls for HIPAA compliance. No prior penetration testing on record. Auditor has flagged the gap.
External and internal network penetration test scoped to clinic network IPs. Cybersecurity posture assessment evaluates controls against CIS framework. Final reports used as HIPAA audit evidence.
Financial Services — Annual Security Review
Financial advisory firm processing client data — SOC 2 Type II audit requires annual penetration testing and evidence of security controls review.
External network penetration test on public-facing systems. Vulnerability scan on internal IP range. Firewall rules evaluation confirms PCI-aligned configuration. Reports satisfy auditor requirements.
E-Commerce Business — PCI DSS
Online retailer processing card payments — PCI DSS requires annual penetration testing. No internal security team to manage the engagement.
External network penetration test on cardholder data environment IPs. Web application vulnerability assessment on checkout and payment URLs. Findings documented for PCI compliance evidence.
Professional Services Firm — Cyber Insurance
Law firm renewing cyber insurance — insurer requires evidence of recent penetration testing and vulnerability assessment as a condition of coverage.
External penetration test and vulnerability scan scoped to the firm's network. Password-protected final report delivered — submitted directly as cyber insurance evidence.
Manufacturing Company — Employee Risk
Regional manufacturer concerned about phishing risk after a near-miss incident. No visibility into how staff respond to social engineering attempts.
Spear phishing email campaign and vishing phone assessment scoped to targeted employee groups. Report identifies who clicked, who divulged information, and recommends awareness training priorities.
Growing Business — First Security Assessment
Scaling SMB with no prior security assessment — leadership wants to understand their actual exposure before investing in additional security tooling.
Cybersecurity posture assessment establishes the baseline — where controls exist, where gaps are, and what to prioritise. External vulnerability scan maps the internet-facing attack surface. Report provides the order of operations.
Find the gaps before an attacker does.
Eight assessment types. CEH-certified engineers. Executive briefing and findings report on every engagement. Scoped to your environment — one point of contact throughout.
Assessment and remediation are scoped separately — so you control what happens next. No obligation beyond the assessment itself.