Penetration Testing Services

We simulate real world attacks on your network, applications or systems – utilising both established and emerging malicious threat actor techniques to identify vulnerabilities and weaknesses.

By pre-empting these attacks, we can provide recommendations on how to improve your defences in the event of a real-life attack, helping you to protect what matters most.

We offer free remote re-tests

Access the mindset of an attacker

By emulating the tactics, techniques and procedures (TTPs) and indicators of compromise (IoCs) used by hackers we can identify exploits and vulnerabilities to offer a more realistic assessment.

Continuous Penetration Testing

In the window between manual assessments, our testing platform will continuously test your networks and alert you of any possible security vulnerabilities.

Quality Assured

Our services are aligned to industry standards for network and web application security assessments such as Open Web Application Security Project (OWASP), NIST and The Penetration Testing Execution Standard (PTES).

Effective Risk Management

Allowing you to focus on the highest risks that matter to your business through asset classification, risk prioritisation and remediation.

Actionable Risk Reduction

Clear, concise remediation guidance available with step-by-step instructions to enable your organisation to mitigate risks.

Remote flexible penetration testing

A Rootshell hardened security appliance can be used by our analysts and consultants to conduct full internal assessments as though they were on site.

Penetration Testing services are designed to assess the resilience of your organisation’s security controls by identifying how attackers could access your systems and data.

Our 5 stage methodology ensures that you get the actionable insight and remediation advice you need to reduce risk.


We work closely with your organisation to understand and agree the complexity of your requirements. This gives us the opportunity to discuss any prerequisites such as test accounts, authorisation and escalation processes. All scoping, including exchanging of information is conducted securetly within the Rootshell Platform.


Testing will be performed by our experienced security consultants who hold the highest industry qualifications such as CREST & OSCP. Your assigned consultants will carry out the testing as agreed as part of the scoping exercise and update you throughout the process.


The key deliverable from the Rootshell testing is a formal report, with risks populated. This report will provide a clear understanding of any areas of risk or vulnerability and will form the basis for any remediation activities.


After testing has been completed and you have reviewed your report, you can discuss all aspects with your Rootshell consultant. This covers post-test support and guidance on remediation activities.

Free Re-Test

We are passionate about our security testing and it’s our firm belief that delivering a report of vulnerabilities should not complete a security test. Following an assessment we will provide clear recommendations on how to mitigate against reported vulnerabilities, and offer free remote retesting following remediation.