
Penetration Testing

We offer a wide range of security assessment services, which can be tailored to form a package that meets the security needs of your business.


Portfolio

Our network penetration testing services cover a broad spectrum of domains such as cloud, wireless, mobile, stealth campaigns, phishing, IoT, external & internal networks and solutions.

Bespoke Security Reviews

This comprehensive cybersecurity audit covers supply chain risk, M&A due diligence, IoT and a range of advanced penetration testing scenarios and bespoke projects that can be tailored for the security needs of your company.

Mobile Penetration Testing

Ensuring the safety and security of user data is paramount to running any mobile application. Our tailored approach checks for flaws or exploits that could lead to your data being compromised. These services are designed to identify potential threats and vulnerabilities before it’s too late.

Cyber Attack Simulation

Cyber Attack Simulations are designed with multi-step attack scenarios to check how defensive controls react during a real time attack. This includes red teaming, blue/purple teaming and phishing campaigns.

Cloud Penetration Testing

Most organizations, like yours, are migrating to the cloud due to ease of use and 24 x 7 availability. As an end user of a cloud-hosted solution, it is your responsibility to ensure that the security of any operating systems and applications hosted in the cloud is continuously maintained and tested.

Web Application Penetration Testing

Our team of cybersecurity experts will test and perform security assessments for all your web applications. This will include code reviews, threat modeling and database assessments.

Network Penetration Testing

Our network penetration testing services cover a broad spectrum of levels, from single build reviews and segregation reviews to network-wide assessments.

Find out threats before they find you.

Key benefits

The pro-active approach towards security

Cybersecurity is only effective when it is proactive. By identifying weaknesses and vulnerabilities before they are exploited, you ensure the integrity of your network. Frequent security assessments also create a more efficient system, helping to prevent data loss and minimise any downtime that would affect your business and your customers.

A fresh set of eyes

No one doubts the talent and commitment of your in house administrators and developers, or the great work they’re doing. But, by having a third party come in and perform an independent cybersecurity audit and review of your systems, you can ensure that no stone is left unturned. Our team of skilled cybersecurity experts will help to identify any vulnerabilities and weaknesses your team may have missed.

Security is a continuous process

There is no magic bullet or one size fits all cybersecurity solution that will protect your network. In order to make sure you’re protected, you need continuous security assessments and up to date solutions that keep your organisation ahead of the curve. 

Consolidate your cyber security strategy

The information gained from our security assessments and cybersecurity audits will form the basis of a cybersecurity strategy that you can rely on to protect your network. You can update your practices, employee awareness, processes, and technology to match the new threats and evolving cybersecurity landscape.

Protect yourself against evolving threats

The nature of cybersecurity threats is one of constant evolution; growing in sophistication and changing in order to exploit new vulnerabilities and evade detection. This is why you need to perform regular security assessments to protect your network.

Frequently Asked Questions (FAQs)

How much does a penetration test cost?

We are proud to offer project flexibility options such as cancellations and reporting customisation, in addition to pricing structure.

Penetration test pricing is often calculated around a resource's time spent testing the functions of an asset, e.g. the number of servers, VLANs, hosting environments and physical locations in a company, or the number of dynamic pages, input fields and privilege levels in an application. Based on the client and environment, further complexities are added into the time calculation, such as custom features, architecture complexity, positioning in the network, hosting facilities, etc. Therefore, a walkthrough or a knowledge document as a pre-requisite to scoping always adds to accuracy.

Our assessment pricing involves transparency around the sub-elements of a project, based on the utilisation of resources on a man-day basis. This is further categorised in phases based on the nature of the assessment and the objectives agreed. Once we have your requirements, we produce a customised proposal including pricing to help you make an informed decision.

How soon can you schedule my project?

We understand that customers have deadlines to meet. We also understand that go-lives can be delayed when penetration tests are not scheduled in time.

Penetration testing activities such as planning, preparation and execution need time, therefore we ask all our clients to give us 3-4 weeks lead time. With that said, based on time and requirements we may fulfil urgent project requirements. Please get in touch as soon as you are confident about timelines.

How long does a pentest take?

The duration of an assessment varies based on the size of the asset in scope. For instance, an application with multiple pages with dynamic content and form fields would take longer to assess than a static website with a simple search function. Similarly, network-based assessments take restrictions, size and accessibility factors into account when determining the timescales.

Unauthorised or authorised exercises differ in timescales due to the lead time required to build knowledge about the functionality of the asset.

Do you perform compliance requirements based testing?

We often get queried on how to meet compliance requirements and whether our assessments would be sufficient evidence for an audit. Our assessment is in compliance with the highest penetration testing standards such as CREST and covers well-known standards such as OWASP, SANS Critical Security Controls, CIS Controls and NIST standards. Please ensure that you discuss these pre-requisites with your Defendza account manager before moving forward.

Do you offer any remediation help?

Client servicing underpins everything we do.

Our comprehensive reporting provides both strategic and tactical recommendations. 

  • Which assets pose risk by highlighting the vulnerabilities and associated risks
  • What is the impact and likelihood of the attacks associated with identified threats
  • How our remediation advice (both tactical and strategic levels) is helpful

Post-engagement, we offer a free of charge debrief where we walk through the project, explain the risks and help customers to prepare a remediation plan.

Our web and phone support is available to all customers, and we promise to answer all queries within 24-48 hours.

How do you handle client communications?

We take customer communication as seriously as reporting or assessment execution. We engage with customers throughout a project, and ensure that customer contacts are kept up to date in the language they understand. Post engagement, a free debrief is conducted to help management as well as technical audiences understand the weaknesses and prepare a mitigation plan.

How often should a penetration test be conducted?

In a usual asset's lifecycle, a penetration test is conducted at least once a year. 

During any changes such as an infrastructure refresh, major upgrades or modifications, a penetration test is advised in order to be aware of gaps introduced by the infrastructure (applications, systems, networks) changes. Some compliance requirements, such as PCI DSS, sector based commission technical audits and vendor assurance requirements, mandate regular penetration tests.

How disruptive is pen test activity?

Defendza adheres to CREST code and conduct ensuring high technical standards of professional security testing. We attempt to identify and tweak our assessments based on the fragility of the assets in scope. Our methodology ensures that all our assessments are designed to perform safe assessments without disrupting everyday business. 

Low-level attacks and Denial of Service attacks are explicitly deemed out of scope for all assessments.

Remote or Onsite assessment - What's the difference?

This depends on the project requirement. For internal network penetration testing, wireless security penetration testing and internally accessible assets, onsite assessments are performed either at the customer premises, data centre or service provider site.

Many a time, penetration testing can be performed remotely. We provide our external IP addresses during every remote assignment so that customer logging and monitoring processes and procedures are aware of this activity. 

Do you follow any testing methodologies?

Defendza's assessment methodology is reviewed by CREST, and we adhere to CREST's code and conduct to ensure we maintain high technical standards during professional security assessments. 

For penetration tests, our methodology encompasses OWASP, SANS Top 20 Critical Controls and CIS. NIST or other standards are included based on the customer request.

Do you perform automated or manual assessments?

While automated scans are useful to identify low-hanging fruit such as missing patches or common vulnerabilities, they do not cover in-depth reviews of an asset.

During a penetration test, the majority of the execution phase involves a manual approach; however, Defendza utilises automated tools such as port scanners and web proxies for specific activities as an early step in the engagement. A penetration test uncovers flaws such as business logic issues that are otherwise not covered by an automated test.

How are vulnerability tests different from penetration tests?

A vulnerability scan is performed with the use of automated tools to identify known weaknesses. No exploitation of weaknesses is involved in this test.

A penetration test is an in-depth assessment focussed on identifying and exploiting the weaknesses to measure the impact and likelihood of an attack. It combines machine and manual approaches to identify hidden weaknesses.

What are the different types of pen tests available?

Defendza's assessment methodology ensures rigorous examination of your assets i.e. networks, web applications, web services and/or mobile applications to identify and exploit a range of security vulnerabilities. These assessments vary in size and scope based on the drivers of the engagement and business decisions. Three different penetration test strategies are black box (without prior knowledge), grey box (with some knowledge) and white box (with all information) assessments.

What does a penetration test tell you?

A penetration test is an exercise to identify technical risks affecting software and hardware in scope. An accurately scoped penetration test can add assurance that the products, security configurations and controls are configured in line with good practices, and that no common or publicly known vulnerabilities affect the assets in scope, at the time of the test.

What is a penetration test?

A penetration test is a form of cyber security assurance provided by demonstrating weaknesses in an asset. The objective of this assessment is to identify security weaknesses in the target networks, applications and/or systems that could impact negatively on a customer's business or reputation if they led to the compromise or abuse of systems.

Our process

We take tremendous pride in the detailed and efficient process that we offer to our clients

Step. 1
Contact Us

Take the first step towards ensuring your cybersecurity - get in touch with our team of experts via our ‘Contact Us’ form. From there we’ll begin informal discussions about how we can work together to build a cybersecurity package tailored for your business.

Step. 2
Services Proposal

We like to get to know our clients first, to understand your business, your network, and map your security needs, so we’ll arrange a face to face or a video meeting between you and one of our cybersecurity experts to discuss your requirements.

Using this information, and our wealth of cybersecurity knowledge, our team will put together a tailored proposal designed to meet your business’ specific security requirements.

Step. 3
Assessment Execution and Delivery

Defendza’s excellent customer communication is the key to our success. All our consultants ensure that progress updates are provided in an easy-to-understand and business-focused way, ensuring that you’re aware at every stage of how things are progressing. Our reports give you strategic recommendations to help you prepare a mitigation plan for any attack, so that you are fully aware of overall risk and its impact on your business.

Step. 4
After Care and Support

At Defendza, we make sure that everyone understands what has been done, at technical and management level, via a debrief either onsite or via a call. 

Email and phone support are provided after completion of the project, with a reply within 24 hours to any queries. 

Testimonials

"My experience to date with Defendza has been very positive. I look for a flexible, knowledgeable security "partner" when I engage a PT firm. Pentest means many things to many people and there are many different use cases for both the testing activity and the report generated and I need someone to work with me to get the absolute best value out of my security budget."

Information Security Officer
Insurance Group

"Excellent people to work with. Very good knowledge of requirement and give us correct findings with excellent remedy to improve our security for our B2B portal site."

Head of Technical & Business Improvement
Leading Pharmaceutical Manufacturer

"I thought it was a highly professional and thorough exercise and I would have no hesitation recommending Defendza to any of my connections."

Director, Software Engineering
Global Information and Analytics Company

"Good personal service. We are delighted with the work Defendza did for us. Highly recommended."

CTO
Manchester headquartered Global Fashion Brand

"Extremely satisfied with approach, speed and end results. Thanks."

COO
International fashion label and store

"My experience of the Defendza team was 5 star. They were so helpful, and their technical delivery and client communication were excellent."

Director, Software Development
Corporate Services Company

Resources

Tips

Cyber Security Guidance for Online Retailers (SMEs)

Defendza's checklist-based guidance provides online retailers, especially SMEs, with an overview of both basic and advanced cybersecurity measures they should implement. Overall, the guide will enable organizations to improve their cybersecurity posture, reduce security risks, avoid vulnerabilities, and enhance their resilience.


Cyber Security for SMEs - Practical Approach

Defendza, a cyber security firm specialising in cyber security consulting and managed services, offers a five-point quick help cheat sheet that would help SMEs tackle the most common cyber-attacks.


Quick Guide - How to secure APIs.

Defendza, a cyber security firm specialising in cyber security consulting and managed services, offers a six-point quick help that would help SMEs tackle the most common cyber-attacks.
