Why Rootshell’s penetration testing services?
We provide industry-leading penetration testing services to businesses in the UK.
CREST-certified pen testing: CREST is an internationally recognised accreditation for penetration testing services. Our CREST-certified testers carry out your penetration testing services to the highest technical and ethical standards.
Quality assured: We deliver our penetration testing services to industry standards, such as Open Web Application Security Project (OWASP) guidelines, the National Institute for Standards and Technology (NIST), and the Penetration Testing Execution Standard (PTES).
Expert advice and support: Following your penetration test, our CREST-certified testers provide you with expert guidance and support. You will receive clear reports and advice, along with step-by-step instructions, ensuring you know exactly how to remediate and reduce risk.
Remote penetration testing: We believe cyber security must continue, whether we can access your site in-person or not. Our penetration testing devices enable our testers to remotely access your organisation from our secure Security Operation Centre (SOC). They can then carry out penetration testing services as though they were on-site.
What is involved in penetration testing?
Our fully-managed penetration testing service is carried out in five stages.
Scoping: We work closely with your organisation to understand and agree the complexity of your requirements. This gives us the opportunity to discuss any prerequisites, such as test accounts, authorisation, and escalation processes. All scoping, including exchanging information, is conducted securely within the Rootshell Platform.
Pen Testing: Your penetration testing services will be performed by our experienced security consultants, who hold the highest industry qualifications, such as CREST and Offensive Security Certified Professional (OSCP). Your assigned consultants will carry out the pen testing as agreed and update you throughout the process.
Reporting: We provide you with clear and extensive pen test reporting, detailing all our findings from your penetration test. The report provides you with a clear understanding of any areas of risk or vulnerability and will form the basis of your remediation process.
Review: Once your penetration test is complete and you have reviewed your report, you can discuss all aspects of it with your consultant. We offer expert post-pen test support and guidance on remediation activities.
Free Re-Test: We are passionate about our cybersecurity testing and it’s our firm belief that delivering a report of vulnerabilities should not complete a penetration test. Following an assessment, we will provide clear recommendations on how to mitigate against reported vulnerabilities and offer free remote retesting following remediation.
How often should a penetration test be done?
It’s often assumed that conducting penetration testing services once a year is sufficient, but a lot can happen between annual penetration tests. It’s recommended that you conduct a pen test any time you make significant changes to your infrastructure or network, such as when you:
Apply patches or upgrades to software
Use a new web application
Change your office location or add a new office to your network
What are the types of penetration testing?
We offer a range of penetration testing services. Our security consultants will work closely with you to establish what types of pen testing services your organisation needs.