Penetration Testing


Penetration testing simulates an attacker attempting to gain access to a specified target server, application, ICT system or asset. It should be carried out whenever a new application, server, ICT system or network device is being deployed, or when the configuration of an Internet-facing service has changed. Penetration testing and vulnerability assessments use both automated and manual toolsets to provide greater coverage. Manual testing provides a more thorough level of assurance because it includes the element of human hacking or intuition that a real person would use and that an automated scanner may miss.

Vulnerabilities or weaknesses often exist within systems, and penetration testing can be used to quantify how easily any identified vulnerability can be exploited. See also application code review.


Penetration testing typically includes:

  • Network discovery - establishes an Internet "footprint" (what does the system look like from the Internet)
  • Network scanning - external and internal scanning
  • Internet profiling - vulnerability testing of all Internet devices
  • Network device test - servers, firewalls, routers, ICT systems and assets
  • Web application testing - web applications and front facing client applications
  • Mobile applications - mobile device applications for Android, Apple iOS, BlackBerry and Windows Mobile (see mobile & wireless review)


A standard review takes approximately three to five days.

Department of Internal Affairs (Marketplace 2021, All of Government Certified Services & Common Capability ICT 2017) ICT-SRS Panel Provider

  • Information Security Risk Management and Assessment Primary
  • Information Security Governance and Strategy Primary
  • Information Security Assurance Primary
  • Source Code and Application Review and Technical Testing Primary
  • ICT Forensics, Investigation and Security Incident Response Primary


Get in touch for more information about how we can help.