We use cookies to ensure our website operates correctly and to monitor visits to our site. This helps us to improve the way our website works, ensuring that users easily find what they are looking for. To allow us to keep doing this, click 'Accept All Cookies'. Alternatively, you can personalise your cookie settings.

Accept All Cookies Personalise settings

Our Security Health Check Penetration Testing services cover application, infrastructure, wireless, cloud and mobile environments. Our certified specialists use industry best practice and extensive experience to identify vulnerabilities in systems, the risks they pose, the consequences of their configuration, and a tailored recommendation for the issue, which makes sense for your business.

We continually adapt to new ways of working. Ransomware attacks are more prevalent and remote working is becoming the new norm. Both government and commercial organisations have recently come under sustained, and at times damaging, attack from increasingly capable adversaries.

Recent high-profile security compromises have proved that whilst the theft of intellectual property or subscriber data can have regulatory or financial implications, the reputational damage that can result from such a breach can have far reaching implications for even the biggest multinationals.

It has also shown that attackers are becoming increasingly sophisticated and are now using multidimensional attacks against their targets. The security of information systems is of paramount importance to almost every type of organisation, as core business functions often depend on digital data, services and infrastructure.

Our methodologies have been extensively examined, our expertise is trusted, and our reporting standards are held in high regard, which is why we are a trusted supplier to many large and small UK government entities.

Key Benefits
  • Identifies how real-world attackers would compromise your systems
  • Provides prioritised recommendations and guidance to fast track remediation
  • Provides real actionable intelligence against your security posture
  • Highly experienced Security Cleared and Developed Vetting CHECK specialists

Contact us

Looking for more information? Click here for our contact form.

Download our Penetration Testing service sheet

CHECK IT Health Check

Our CHECK IT Health Check (ITHC) service provides high-assurance application and infrastructure testing by highly experienced and security cleared, CHECK, CREST and Tigerscheme certified pentest security specialists.

Our CHECK service has been collaboratively supporting pentest accreditation since the late 1990's, proudly using trusted methodologies to safely provide the highest levels of assurance, communicating findings in a professional non-alarmist manner.

As a founding member of the original scheme, Our Security Health Check has been a CHECK approved team since the scheme's inception and are proud to be recognised as one of the UK's best assets in helping protect the UK's IT systems.

Key Benefits
  • Satisfies your mandated and compliance requirements
  • Identifies how real-world attackers would compromise your systems
  • Provides real, actionable intelligence against your security posture
  • Highly experienced Security Cleared and Developed Vetting CHECK specialists

Download our CHECK IT Health Check service sheet

Cyber Intrusion Exercise (CIE)

Cyber Intrusion Exercises use the latest real-world simulated attack delivery methods, to determine how attractive your organisation would look to a motivated and determined adversary. CIE’s can regularly exercise and provide visibility of the robustness of your organisation’s internal technical controls and assure the impact and effectiveness of your third-party investments.

CIE’s are delivered in three main phases:

  • Internet-based assessment
  • Stand-off attacks
  • Onsite testing and egress assessment

This approach helps to fast track your organisational resilience by benchmarking and providing recommended remedial improvements clearly and concisely, from critical to low. CIE’s provide a much higher level of organisational coverage and assurance by complementing conventional annual, compliance driven testing, and therefore delivers more value for money to your business. This new service targeted to SME’s, in addition to our class leading Advanced Intrusion Testing service, which is focused towards enterprise customers, provides a full spectrum capability at an appropriate price point.

Our Approach

Our subject matter experts will undertake testing that aims to simulate attacks against a target application or network using the same tools and techniques as the most highly skilled adversary.

Throughout this process, our experts liaise with the customer to ensure they are kept informed of progress.

All engagements are expertly managed from inception to delivery and include the generation of clear and concise reporting in a timely manner.

Our reports prioritise areas of technical risk and present them in an easily understandable and actionable format.

We can offer SC and higher cleared security specialists with both industry standard CREST, Tigerscheme and Cyber Scheme qualifications.

We offer both on-site and remote, internet-based assessments.

Penetration Testing Training

Our Penetration Testing skills and tradecraft has been honed over decades of experience in the field. This training service takes that knowledge and best practice, distils it into a series of modules and instils our students with knowledge of the laws, tools and tradecraft to succeed as a penetration tester. Our Security Health Check team has developed a training solution to help develop the skills required to quickly and efficiently gain the relevant skills required to perform penetration tests.

Penetration testing, is a pro-active simulated real world attack conducted against a network, system, application or organisation that identifies vulnerabilities and weaknesses. Penetration tests (pentests) are part of an industry recognised approach to identifying and quantifying risk to an organisation. Pentests actively attempt to practically exploit vulnerabilities and exposures in a company’s infrastructure, applications, people and processes as part of a Security Health Check (SHC). Through exploitation, the Security Health Check will provide context to the vulnerability, impact, threat and the likelihood of a breach in an information asset. This module will teach the practical skills required to perform a Security Health Check, along with the reasons why pro-active testing of security, using realistic methodologies is so important for any organisation.

Key Benefits
  • Gain practical advice and appreciation of penetration testing
  • Learn industry recognised methodologies
  • Delivered by qualified CREST and TIGER professionals
  • Practical hands on exercising

Contact us

Looking for more information? Click here for our contact form.

Download our Penetration Testing service sheet

Red Team Tradecraft

Our Red Team training service elevates a penetration tester to think like an offensive security specialist by teaching through lecture and practical experience, across multiple modules, how to plan, build, and execute a high assurance, offensive, cyber operation; the training culminates in a simulated operation against our challenging cyber lab.

This course provides the theoretical and practical experience required to realistically simulate advanced threat actors. This course provides pentesters with the techniques required to become red teamers, and provides blue teamers with the opportunity to practically understand the techniques that may be deployed against them.

The course practically teaches the atomic elements used in a red team attack, including but not limited to setting up the attack platforms, passive and active reconnaissance, phishing, command and control, lateral movement, privilege escalation and exfiltration of target resources. Then the course draws the lessons learnt together in a realistic stand-off electronic attack against a simulated organisation utilising enterprise technologies and mature defensive technologies which alert the “blue team hunt pack” which will try to push you back out of the network if you register on their alert dashboard.

The theoretical elements will also cover the often overlooked infrastructure fundamentals and secure handling of customer data and persistence to protect your access to your clients and to protect their data.

Key Benefits
  • Realistically emulate real world threat actors in a safe environment
  • Learn attack simulation methodologies
  • Access to QinetiQ's challenging assault courses
  • Take skills to the next level

Download our Red Team Tradecraft service sheet