CREST Approved Penetration Testing helps Identify your Cyber Security weaknesses

Our CREST Approved Penetration Test service is a CREST approved, regulated, full-scope, multi-layered attack simulation, orchestrated from the perspective of a malicious threat actor. It is designed to measure how well your infrastructure, applications, people, processes and technologies can defend against and withstand an attack from a real-life adversary, while uncovering potential risks and security vulnerabilities.

Penetration Testing is important for organisations of all sizes and the traditional style of penetration testing has done the job for many years. Now, however, a well-structured and scoped penetration test needs to be more than a simple point-in-time test. Our penetration testing offering has evolved into a service-led offering, enabling regular, repeated testing quickly and easily. It is based on seven stages of testing that form the backbone of our comprehensive penetration testing methodology. You can read more about our seven steps of penetration testing here.

  • Standard Penetration Testing

    We perform the standard, traditional style of Penetration Testing on a daily basis for numerous clients of all shapes and sizes. These tests can be one-off tests or part of a group of tests. We offer total flexibility to meet your testing needs. We go far beyond what you would traditionally receive in a penetration test. We provide, through our client portal, additional services that enhance your Penetration Test to provide that next generation of security testing coverage. But if you still need that single point-in-time, traditional penetration test, then we can still help.

    Each pentest is consultant-led, with support from one of the project managers. These services have the results and consultant's narrative uploaded to the client portal, where customers can interact with the findings rather than reading from a very large static report. You can also export the findings as CSV files, integrate the portal into Jira and download PDF reports.

    We can test multiple different assets, from your people and internal business processes to web and mobile applications, brochure sites, industrial control systems, internal and external infrastructure, cloud services of all kinds and more.

  • Penetration Testing as a Service

    We offer our Penetration Testing as a Service. Our Penetration Testing as a Service is built on our standard penetration test and uses our client test portal to the max. No more waiting around until the end of a penetration test to see your results. With our penetration testing as a service model, you can interact directly with your penetration test team through the portal, see the results in real time, address those results, request retests and discuss issues with your testers, all in the portal.

    Our service also enables you to see your results over time, assess which of your issues require immediate remediation and monitor risk scores as they evolve. Using our Penetration Testing as a Service model enables your business to enhance its security with your very own penetration testing team, available direct to you twenty-four hours a day, seven days a week.

Penetration Testing Methodology

Our penetration testing methodology follows the MITRE ATT&CK framework and the National Institute of Standards and Technology Special Publication (NIST SP 800-115), along with the latest Techniques, Tactics, and Procedures (TTPs) used by attackers.

1. Information Gathering: The first stage in the seven stages of penetration testing is information gathering. The tested organisation will provide the penetration tester with general information about in-scope targets. The data can range from IP addresses, hostnames, application details, or simply the company name. The supplied data will depend mainly on the perspective of the penetration test and the amount of time the client wishes to be spent testing. From a tester's point of view, the more information the client provides, the better, as it reduces the time needed for reconnaissance and increases the time spent testing.

2. Reconnaissance: We use the information gathered in the initial stage to collect additional details from publicly accessible sources. These sources could be Open Source intelligence sources or hidden away deeper on the internet. The reconnaissance stage is essential to a successful penetration test by allowing penetration testers to identify additional information overlooked, previously unknown, or not provided. This step is beneficial in internal and external network penetration testing; however, we don't typically perform this reconnaissance in web, IoT, VPN/Remote Working, API, or mobile application penetration testing.

3. Discovery and Scanning: The information gathered in the reconnaissance phase is used to perform discovery activities to determine things like ports and services available for targeted hosts or subdomains available for web applications. During this phase, we will start to map a visual representation of your technology deployment and identify weaknesses in configurations. Depending on the scope of the penetration test, we may attempt limited brute-forcing of login services using usernames that have been enumerated in the reconnaissance and the information gathering phases.

4. Vulnerability Assessment: Validate Vulnerabilities and perform Exposure Analysis. We identify vulnerabilities, flag false positives, and analyze all vulnerabilities based on their potential to be exploited and used maliciously against the organization. This is performed using manual and automated vulnerability scanning techniques. Quite often you will find very cheap pricing for Penetration Testing and this is typically where you are being sold nothing more than a vulnerability scan dressed up to look like a penetration test. For more information on this, see our blog article on the dangers of cheap penetration testing.

5. Exploitation: It is in exploitation where the action happens, which looks to many to be that "Hollywood" moment! It is the single largest consumer of testing time. It is where every penetration tester wishes they could spend 100% of their time.

The exploitation phase is where our team interprets the results from the vulnerability assessment and collates all the data from all the previous stages to identify exploitation pathways. Our expert penetration testers then use several manual techniques and human intuition to validate, attack and exploit those vulnerabilities. It is not uncommon for our pentesters to spend time researching potential vulnerabilities and creating new, never before seen exploits. This class of exploit is commonly called a zero-day. Over the years, we have authored well over 100 zero-day exploits that have then been shared with the system or software vendor to enable them to fix the issue.

The overall goal is to gain access to sensitive information or get a foothold onto systems to pivot access. Where system access is obtained, there is a lot of work involved to ensure a level of persistence and to elevate permissions so that the entire system can be assessed. At this point, we often start to identify internal process weaknesses such as weak passwords, incorrect security configurations, and inadequate patching regimes.

The "giant loop" starts when access is achieved, and the accessed system gets sent back to Phase 3. The loop continues for as long as new systems are compromised or the testing window remains open.

6. Final Analysis and Review: When you work with Hedgehog on security testing, we deliver our findings continuously through our interactive testing portal. You download your final report in PDF and XLS formats in this portal. This comprehensive report includes narratives of testing and how we found vulnerabilities and exploited them. The report also contains details of the scope, the testing methodologies, in-depth findings details, and recommendations for remediation. We also include details of where findings will cause issues against standards such as Cyber Essentials, PCI-DSS and ISO27001.

7. Utilise the Results of your Penetration Test: The final stage of the seven stages of penetration testing is the most important. It would be best to use the findings to create a risk-led remediation programme. You should rank vulnerabilities, analyse the potential impact of vulnerabilities found, determine remediation strategies, and inform decision-making moving forward.

The Hedgehog security testing methodology is unique and efficient. It does not rely on a static checklist and standard techniques and assessment methods built into "automated" pentesting software. It relies heavily on the experience and the skills of your penetration tester. Effective penetration testing requires a diligent effort to find enterprise weaknesses, just like a malicious individual would. We've developed these seven stages of penetration testing because we've proven that they prepare organisations for attacks and fix areas of vulnerability.

Explore the Demo Portal

Use the link in the top right to log into the portal. The credentials are:

Username: demo@democlient.llc
Password: Demo-Password-2021

Penetration Testing Services

  • Infrastructure Penetration Testing

    Assess and measure your internal and external security posture through Infrastructure Penetration Testing to allow you to manage the identified vulnerabilities and security weaknesses. Our infrastructure pentesting service is one of our most popular services and can be tailored to meet all regulatory requirements including PCI-DSS and NIST 800-53.


  • Web Application Penetration Testing

    Assess your critical Web Applications for Security Vulnerabilities with a Web Application Penetration Test. Web Application pentesting is our number 1 most used service, and we have a number of dedicated testers who love working on nothing other than web applications.


  • Remote Working Assessments

    Assess the configuration of your VPN Security to ensure a misconfiguration or vulnerability is not allowing external access to your corporate network. Since the pandemic, our remote working assessments have been a popular option with dynamic organisations wanting to ensure that their remote workforce is cyber secure.


  • Phishing & Social Engineering

    Research, develop and manage an assessment of the security of your people and processes utilising the latest techniques in Penetration Testing. Since the pandemic, there has been a massive rise in the volume and regularity of phishing and social engineering attacks. Our phishing and social engineering testing is a great addition to the remote working assessment.


  • IoT Penetration Testing

    Assess the security and configuration of your IoT devices to allow you to embrace secure IoT operations in your organisation. The IoT space is increasing rapidly and for the makers of those devices, ensuring security is becoming a necessity. Our IoT Pentesting service helps makers ensure they meet all of the bases of security. We also offer an IoT Security Certification service.



Different Types of Penetration Testing

We provide all the common types of penetration testing. If you need something not listed below, it doesn't mean that we do not do it. Just get in touch and we can work with you to build the penetration test that is perfect for your needs and testing requirements.

  • Cyber Security Health Check


    A Cyber Security Health Check is essential in establishing a solid foundation upon which to build your Cyber Security infrastructure and will help you identify your weakest security areas. It will also recommend the appropriate actions to mitigate any potential risks that we discover. A cyber health check will provide you with a detailed report describing your current cyber risk status and will leverage best practices, like ISO 27001, CIS 20 Critical Controls and NCSC guidance, to provide recommendations for reducing your overall cyber risk footprint. Ultimately, the health check is all about helping you to uncover your Cyber Security weak spots before the attackers do.

    Why is it important

    Understanding where your weaknesses exist is key to ensuring solid Cyber Security coverage for your business or organisation. With the Hedgehog Cyber Security Health Check you will understand where your weaknesses exist and how to best leverage your existing technology to deal with them.

  • Embedded / IoT Device Testing


    Embedded and IoT devices are becoming more commonplace within businesses and many potential purchasers are starting to look for comfort around the security of the devices. Making sure that these IoT (internet of things) devices are correctly maintained and secured is critically important to all businesses. Our Embedded and IoT Device testing service will put your system through a comprehensive set of more than 200 tests to ensure that it is fully hardened and secured. Please see the conditions section below for more information on what is included.

    Why is it important

    Our testing service identifies vulnerabilities and security weaknesses that are present within your IoT device. We test for weaknesses and vulnerabilities that often originate from poor hardware configurations, ineffective system configuration parameters and weak security system controls.

    Our Embedded and IoT device penetration testing service will help you:

    • Gain real-world insight into your vulnerabilities;
    • Identify any missing patches;
    • Identify weak configurations;
    • Harden software and systems; and
    • Identify where inappropriate services increase your exposure.

    What the test entails

    We will perform a complete infrastructure-level penetration test following the OSSTMM (Open Source Security Testing Methodology Manual) and PTES (Penetration Testing Execution Standard) methodologies. These methodologies ensure we identify any weaknesses that could allow an attacker to compromise the network, the data stored within it, or the devices hosted.

    One of our CREST-certified testers will perform your penetration test. The test will:

    • Conduct a series of automated vulnerability scans;
    • Carry out a range of manual tests using a methodology closely aligned with the OSSTMM and PTES methodologies;
    • Conduct a number of physical, hardware-based attacks;
    • Provide immediate notification of any critical vulnerabilities to help you act quickly;
    • Produce a detailed report that identifies and explains the vulnerabilities prioritized by the risk posed to your business, not based on CVSS scores;
    • Identify a list of recommended countermeasures to address any identified vulnerabilities; and
    • Include an executive summary that explains what the risks mean in business terms.

  • Internal Infrastructure Penetration Test

    Your IT Infrastructure and connected systems are the nervous system of your business. Making sure that they are maintained and healthy is critically important to all businesses.

    Why Infrastructure Penetration Testing is Important

    Our Infrastructure Penetration Test identifies vulnerabilities and security weaknesses that are present within your networks and connected systems. Internal infrastructure-related weaknesses and vulnerabilities often originate from poor hardware configurations, ineffective system configuration parameters and weak security system controls. Criminals exploit these through malware, phishing and social engineering attacks to gain access to previously private resources.

    Our Infrastructure penetration testing service will help you:

    • Gain real-world insight into your vulnerabilities;
    • Identify any missing patches;
    • Identify weak configurations;
    • Harden software and systems; and
    • Identify where inappropriate services increase your exposure.

    What an Infrastructure Penetration Test Entails

    We will perform a complete infrastructure-level penetration test following the OSSTMM (Open Source Security Testing Methodology Manual) and PTES (Penetration Testing Execution Standard) methodologies. These methodologies ensure we identify any weaknesses that could allow an attacker to compromise the network, the data stored within it, or the devices hosted.

    One of our CREST-certified testers will perform your penetration test. The test will:

    • Conduct a series of automated vulnerability scans;
    • Carry out a range of manual tests using a methodology closely aligned with the OSSTMM and PTES methodologies;
    • Provide immediate notification of any critical vulnerabilities to help you act quickly;
    • Produce a detailed report that identifies and explains the vulnerabilities prioritized by the risk posed to your business, not based on CVSS scores;
    • Identify a list of recommended countermeasures to address any identified vulnerabilities; and
    • Include an executive summary that explains what the risks mean in business terms.

    Our SMB Package

    Our small business package will test your internal network of up to 20 workstations:

    • Testing of 20 workstations using the OSSTMM methodology.
    • Live test progress via our Pentesting as a Service portal.
    • Completed in 2 days.
    • Testing performed via our testing appliance which will be sent out to you prior to the test start date.
  • Mobile Applications

    Mobile Application Penetration Testing

    Your mobile applications are an extension of your business in the hands of your clients. Mobile Application Penetration Testing is all about testing those apps. Making sure that your mobile applications are well secured and conform to all of the current data protection legislation is paramount. It is equally important to make sure that the endpoints your mobile applications talk to are well secured, so attackers are not able to access sensitive data from them.

    Our mobile application testing package will test one Android or Apple mobile application from three perspectives. We will test the static application and look for code weaknesses. We will test the application in a dynamic form, as a user would use it, and look for business logic and procedural security weaknesses. Finally, we will test the endpoints that the mobile application communicates with to ensure that they are fully secured.

    Why is it important

    Our Mobile Application Penetration Test identifies vulnerabilities and security weaknesses that are present within your mobile application and the systems that they communicate with. Weaknesses and vulnerabilities often originate from poor coding practices, hardware interactions, ineffective system configuration parameters and weak security system controls.

    Our mobile application penetration testing service will help you:

    • Gain real-world insight into your vulnerabilities;
    • Identify any missing patches;
    • Identify weak configurations;
    • Harden software and systems; and
    • Identify where inappropriate services increase your exposure.

    What the test entails

    We will perform a complete infrastructure-level penetration test following the OSSTMM (Open Source Security Testing Methodology Manual) and PTES (Penetration Testing Execution Standard) methodologies. These methodologies ensure we identify any weaknesses that could allow an attacker to compromise the network, the data stored within it, or the devices hosted.

    One of our CREST-certified testers will perform your penetration test. The test will:

    • Conduct a series of automated vulnerability scans;
    • Carry out a range of manual tests using a methodology closely aligned with the OSSTMM and PTES methodologies;
    • Provide immediate notification of any critical vulnerabilities to help you act quickly;
    • Produce a detailed report that identifies and explains the vulnerabilities prioritized by the risk posed to your business, not based on CVSS scores;
    • Identify a list of recommended countermeasures to address any identified vulnerabilities; and
    • Include an executive summary that explains what the risks mean in business terms.

    All testing is performed from our offices and will require you to supply the application code. We are unable to download the code and test using the versions from the app stores.

  • Phishing and Social Engineering

    Social Engineering

    Your people are the core, the heart of your business. While many of the services we offer are tailored to the IT systems, our Social Engineering service is where we test the people in the business. Our small business social engineering package will test your people for one day. We will be looking to see if we can get any of your employees to carry out an action for us that could lead to our team gaining access to your systems. Please see the conditions section below for more information on what is included.

    Why is it important

    Your people are the heart and soul of your business. More than 80% of successful attacks that result in data breaches have an element of social engineering within them. By conducting social engineering tests, you become aware of the flaws in your human factor security. You can then address these appropriately.

    What the test entails

    We will spend a day making phone calls and sending emails and instant messages to your staff in order to garner credentials or have them perform an action for us.

  • Remote Access & VPN Penetration Test


    Remote working became a necessity in 2020 because of the COVID-19 pandemic. Every business implemented a level of remote working to keep the lights on, in a business environment that must now contend with both a pandemic and cybercrime. Due to the rise in cybercrime, it is now more imperative than ever to understand how secure your systems are. Despite this, allowing employees to work remotely offers businesses considerable benefits. In 2020 it allowed businesses to continue to function. Many companies that had previously not permitted remote working were now mandating it.

    Why is it important

    Remote access solutions, by their very definition, introduce gaps in the traditional model of IT security. That is their purpose. They can also leave the organisation's logical perimeter porous. These are the gaps that criminals seek out to exploit and could prove to be a significant vulnerability.

    Through penetration testing, you can learn where the gaps, weaknesses and holes in the current remote access solution exist. Our Remote Access Penetration Testing service will help you to:

    • Get a real-world insight into your vulnerabilities and configuration weaknesses;
    • Identify the most likely path for an attack;
    • Highlight any places where the target systems could be leaking sensitive data;
    • Implement better and stronger authentication and session management controls; and
    • Significantly improve access control.

    What the test entails

    Our CREST certified penetration tester shall conduct an unauthenticated test of your externally facing remote access solutions.

    Your remote access solution may be technologies such as Citrix, Terminal Services, Remote Desktop Services, or traditional VPNs. Our testers use a combination of web application and infrastructure tests to identify any vulnerabilities and security weaknesses within the target systems.

    Your penetration tester will:

    • Review the target environment to assess your network and identify information that would be useful to a hacker;
    • Carry out a series of automated vulnerability scans;
    • Perform a range of manual tests using a methodology closely aligned with the OSSTMM (Open Source Security Testing Methodology Manual);
    • Immediately notify you of any critical vulnerabilities to help you act quickly;
    • Produce a detailed report that identifies and explains the vulnerabilities, ranked in order of significance;
    • Make recommendations on countermeasures to address any identified vulnerabilities; and
    • Provide an executive summary that explains what the risks mean in business terms.

  • Web Applications

    Web Application Penetration Test

    Your public-facing connected systems are open to the world. On today's internet, over half of all the network traffic is not human. More than 11% of network traffic has a malicious nature. Coupled with 37.2% of all website traffic being bot related, it means you are almost certainly in a state of continual attack.

    Why is it important

    Our Web Application Penetration Tests identify vulnerabilities and security weaknesses that attackers use to compromise your web application's security. Maintaining the security of modern and historic web applications is crucial in today's connected world. Traditional firewalls and other security controls bolster your security. However, web applications with poor security were the single most significant cause of data breaches in 2020.

    Our Penetration Testing service for your Web Application will help you to:

    • Demonstrate how your web application aligns with the OWASP security controls;
    • Understand where vulnerabilities and widespread patterns exist;
    • Improve access control and find functions that are leaking sensitive data;
    • Improve access, authentication and session management controls; and
    • Identify where input validation is failing.

    What the test entails

    We will perform a penetration test of your web application to identify weaknesses, vulnerabilities and information that would be useful to a hacker. For this test, we will:

    • Help scope your web application to establish the exact extent of the testing exercise;
    • Run a series of automated vulnerability scans against the web application;
    • Perform a range of manual tests closely aligned with the OWASP methodology;
    • Immediately notify you of any critical vulnerabilities to help you take action quickly;
    • Provide you with a detailed report that identifies and explains the vulnerabilities (ranked in order of significance); and
    • Include within your test report a list of recommended countermeasures to address any identified vulnerabilities.

  • Wireless Penetration Testing

    Wireless Testing

    Wireless networks have, over the last few years, become more prevalent than wired networks. In this post-Covid age, many businesses rapidly implemented extended wireless to facilitate better IT working. Making sure your wireless networks are secured is critically important to all businesses.

    Why is it important

    Our wireless penetration testing service identifies vulnerabilities and security weaknesses that are present within your wireless networks. Wireless infrastructure-related weaknesses and vulnerabilities often originate from poor hardware configurations, ineffective system configuration parameters and weak security system controls. Criminals exploit these through malware, phishing and social engineering attacks to gain access to previously private resources.

    Our wireless penetration testing service will help you:

    • Gain real-world insight into your vulnerabilities;
    • Identify security weaknesses in your 802.11 wireless networks;
    • Check and test for sub-1 GHz wireless networks such as door entry systems;
    • Check for rogue wireless devices;
    • Identify any missing patches;
    • Identify weak configurations;
    • Harden software and systems; and
    • Identify where inappropriate services increase your exposure.

    What the test entails

    We will perform a complete wireless penetration test following the OSSTMM (Open Source Security Testing Methodology Manual) and PTES (Penetration Testing Execution Standard) methodologies. These methodologies ensure we identify any weaknesses that could allow an attacker to compromise the network, the data stored within it, or the devices hosted.

    One of our CREST certified testers will perform your penetration test. The test will:

    • Carry out a wireless survey of your environment;
    • Conduct a series of automated wireless vulnerability scans on sub-1 GHz, 2.4 GHz and 5 GHz frequencies;
    • Carry out a range of manual tests using a methodology closely aligned with the OSSTMM and PTES methodologies;
    • Provide immediate notification of any critical vulnerabilities to help you act quickly;
    • Produce a detailed report that identifies and explains the vulnerabilities prioritised by the risk posed to your business, not based on CVSS scores;
    • Identify a list of recommended countermeasures to address any identified vulnerabilities; and
    • Include an executive summary that explains what the risks mean in business terms.

Certification

Hedgehog Security places great emphasis on the quality, reliability, and security of the services it offers. We are fully regulated by CREST, the Council for Registered Ethical Security Testers, and are authorised to deliver Cyber Security Consulting along with Penetration Testing, Vulnerability Scanning and IT Health Checks.
