Call us on 03450 21 21 51

Penetration Testing
Vulnerability Testing

Penetration Testing

CREST certified penetration testing: Stay one step ahead of cyber criminals.

Knowing where your digital strengths and weaknesses lie is vital to protecting yourself against the threat of a cyber attack. Penetration testing – or pen testing, as it’s also known – is one of the best ways to identify vulnerabilities in your online defences. It involves simulating a real-world attack on a system, network or application to expose any areas for improvement.

SRM’s CREST certified penetration testers are highly skilled cyber professionals. Using ethical hacking techniques our experts attempt to exploit vulnerabilities and expose weaknesses in your company’s infrastructure, applications, processes and people.

Let us test your defences before a hacker does. Call us today for a free quote on 03450 21 21 51 or email

Bespoke Penetration Testing

While each of the solutions below can be seen as a service, we do not simply sell them as packages. What SRM provide is a fully scoped service which helps us work with clients to produce a completely bespoke test and exercise schedule which delivers exactly what is required but with no unnecessary add-ons. This ensures that working with us is a rigorous but cost-effective penetration testing solution.

Vulnerability Assessment

A vulnerability assessment is an analytical process that defines, identifies and classifies security holes (vulnerabilities) in individual computers, networks or communication infrastructures. Effectively, a vulnerability assessment is a base level evaluation penetration test of an organisation’s information security posture. It provides coverage across a wide range of systems and a surface level assessment which identifies weaknesses and issues. SRM utilises a leading web application and infrastructure scanning tool which automates the discovery of security flaws within network perimeters to quickly identify any required remediating actions. A full no-jargon report provides details of the assessment together with practical remediation steps.

Penetration Testing

A penetration test goes a step further than a vulnerability assessment. It simulates the actions of both external and internal attackers whose intention it is to breach the information security of an organisation. Many tools and techniques are employed in a penetration test. At SRM our team of highly qualified penetration testers hold, at company and individual level, qualifications including CREST. Our approved ethical security testers use their skills and experience to exploit critical systems and gain access to sensitive data. Our deliverable is a comprehensive but easy to understand detailed breakdown of results presented by a consultant in an easy-to-interpret report. It will identify the threats in a jargon-free manner and mitigation steps for the key risks are explained.

Penetration Testing Guide


Advanced Penetration Testing

Not only does your system need to be secure; it needs to be seen to be secure. We work with you to understand your business requirements to develop a test plan which satisfies all stakeholders that your web and supporting infrastructure are secure. Our penetration testing service considers external and internal threats using proven tools to simulate attacks on your infrastructure.

  • Websites and associated applications
  • Third party applications
  • Firewall, IPS & IDS Evasion
  • Company and client wireless solutions
  • Internet of Things (IOT) both devices and management infrastructure
  • End user device testing including printers and other peripheral devices
  • Mobile applications (IOS/Android & Windows), including OWASP Top 10 Mobile Risks
  • Social engineering (to fully test your IS awareness policies) Telephony / VoIP systems (on premise and hosted solutions)

We hold a range of accreditations both at a company and individual level including QSA, PA-QSA, CISSP, Cyber Essentials (IASME), Tiger and our team includes individuals who hold the CREST ethical security testing qualification. Our deliverable to you will be a comprehensive but easy to understand detailed breakdown of all your results presented by a consultant in an easily interpretable report. It will identify the threats in a jargon-free manner so that we can work together to mitigate the key risks to your business.

Web Application Testing

Testing a website is vital to ensure malicious attack attempts do not exploit poor configuration, out of date patching, cross-site scripting or injection vulnerabilities of the underlying web application. SRM will undertake a website vulnerability assessment to include:

  • Testing of web services for known vulnerabilities and configuration issues
  • Identification of the website structure and active code (i.e. web pages providing functionality)
  • Testing of functionality and web interactions to ensure that web vulnerabilities (such as the OWASP Top Ten issues) are not present
  • Uniquely SRM will search for malicious web shells which we have uncovered from the numerous PCI PFI investigations undertaken
  • We will test for the latest security vulnerabilities to meet the testing requirements of PCI DSS.

Where applicable, SOAP/REST and similar API testing is also undertaken.

Network Security Testing

All organisations, from huge multi-nationals to charities and SMEs, rely on networks – wired, wireless and cloud based for their business connectivity. Regular and robust testing will identify any risks to the backbone of your operation. SRM’s network testing methodology includes:

  • Routers, switches, firewalls (both physical and software based) and Wi-Fi access points internal and external to the organisation
  • Remote access solutions and Virtual Private Networks (VPN)
  • Company telephone solutions, including Voice Over IP (VoIP) and any mobile solutions in scope
  • Review of Operating Systems, patching policies and change governance process

Cloud deployed services including client access as appropriate.

Why Penetration Testing

For pricing email

Tests Explained

Tests explained For those who would like to understand more of the comprehensive nature of testing that SRM can offer, the information below may be of interest.

Incident simulation

Skilled ethical hackers undertake a virtual attack using existing or potential vulnerabilities and play out the impact on the organisation through a variety of social engineering exercises, including news and social media responses and escalation simulation. It is a useful practical test of remediation protocols and a valuable educational tool.

Business Continuity simulation

Similar to the Incident Simulation exercise, this tests the business continuity resilience of an existing remediation plan and helps to develop robust protocols for the future.

Vulnerability exploitation

Network vulnerability exploitation identifies if a remote host is vulnerable to a particular attack, through developing testing and using known exploit code. These automated scans are a useful tool where specific threats are a relevant factor. Correct scoping is key to an effective vulnerability exploitation scan.

Post exploitation

The post exploitation phase of any type of penetration test is to determine the value of the machine compromised, the sensitivity of the data stored and the potential for compromising the whole network. This analysis enables an organisation to evaluate risk and mitigate the risk of further damage. This phase can include escalating privileges on a compromised host as well as pivoting through the machine to attack or interact with other hosts on the network.

Web application testing

A web application proxy tool specifically designed to test security is used to test web applications and web-related interfaces. These automated tools provide a quick method for finding many common vulnerabilities such as SQL injection and cross-site scripting (XSS). They are used to test web applications and web related interfaces, testing for performance, load and stress of web applications, websites, web API, web servers and other web interfaces. These tools are often used during manual testing as they often prove useful in understanding and manually exploiting web applications where automated testing is not sufficient.

Application Programming Interface (API) testing

In general terms, API is a set of clearly defined methods of communication between various software components. An API may be for a web-based system, operating systemdatabase systemcomputer hardware or software library. As the glue that joins a range of web-based applications and platforms together it needs to be secure.


A social engineering attack, Phishing presents a particular risk to organisations because Trojan horses and viruses can be introduced into an entire network via one device. Attackers will also often try to trick staff members into disclosing login credentials or making payments. Testing for phishing vulnerability includes automated attack simulations. Mitigation includes education, quality security awareness training and actionable reporting metrics.


Is another type of social engineering attack, similar to Phishing but it is conducted over the telephone. Scammers contact individuals and trick them into giving access to computer accounts. Usually impersonating a trusted company, they leverage urgency to get victims to act quickly without thinking the situation through.


Is a variant of the same social engineering attack method, using SMS text messages to download a Trojan horse or virus onto a personal device. The testing procedure will highlight where potential intrusions have taken place and the extent of the attack within a network. Mitigation includes the removal of suspect viruses.

Open Source Intelligence (OSINT) Report

OSINT is a term used to refer to the data that can be collected from publicly available sources, to be used within an intelligence context. The use of ‘open’ goes back to the term as it is used within the intelligence community, meaning publicly available and not obtained through espionage. Although open in the sense that content found on Facebook, social media, telephones or emails, there are elements which should not be open to hackers. These include passwords or log in details which may not be readily visible but are embedded within the files somewhere. A detailed report identifies vulnerabilities and provides a managed process for the reduction of these threats to an acceptable level.

Wireless testing

A systematic test of smartphones, feature phones, wireless routers, hotspots, tablets, laptops, network-enabled devices and Information of Things (IOT) devices. An automated testing process, correct scoping is, as always, the key to successful identification and removal or risk.

Physical intrusion

Small intrusion devices can be used to bypass Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS). Usually requiring access to the premises, these can take the form of USB sticks or specialist equipment like a raspberry pie (a tiny computer to which all sorts of different sensors and equipment can be hooked up). These are then configured to provide an external hacker with remote access to network systems. As many hacks these days are conducted by employees, testing for evidence of rogue intrusion is an important aspect of information security.

Dropbox placement

Dropbox is diligent about keeping previous versions of files on record. By default, it goes back about a month keeping hundreds of versions of regularly used files. Ransomware infection can therefore expose an organisation to sensitive data being exposed. An automated test can gauge the risk as well as any potential infection, thus enabling an organisation to take steps to protect files and move some Dropbox content to a safe location if required

Associated services

Social Engineering Testing

Social Engineering Testing

Phishing, baiting or tailgaiting: the team at SRM can safely and securely build an attack scenario to test how the organisation would respond to a real and malicious attempt of this nature.

Red Team Engagement

Red Team Engagement

SRM’s CREST qualified consultants combine a rigorous training process with real-world experience so they can think creatively and with the mindset of a genuine hacker. The difference is that they work for you.

Virtual CISO ™ Virtual ISM ™

Virtual CISO ™ Virtual ISM ™

At SRM we have developed VirtualCISO™ and VirtualISM™, which are totally bespoke services, providing as much or as little as required depending on the individual company.

Related articles

Everything you need to know about CREST penetration testing

A thorough CREST penetration test from a provider you can trust is an invaluable asset when it comes to protecting your business’s data. In the cybersecurity industry, CREST accreditation..

What is the main difference between vulnerability scanning and penetration testing?

They are two key tools in the fight against cybersecurity breaches, but what separates vulnerability scanning and penetration testing? Penetration testing and vulnerability scanning are two key security services..

What does an effective penetration test consist of?

It’s one of the most reliable techniques for improving data protection, but what does an effective penetration test consist of? There’s no doubt that we’re living in uncertain times,..

Back to top