Security Testing

Infrastructure (External / Internal)

External and internal network penetration testing that shows how far an attacker could get — from your internet perimeter or from a foothold inside.

Your network is attacked from two directions: from the internet, where your perimeter is scanned constantly, and from within, where a single compromised laptop or malicious insider can become a launchpad. Our infrastructure penetration testing covers both, so you know exactly how your network stands up from either side.

External testing targets your internet-facing infrastructure — firewalls, VPN endpoints, mail and web servers, remote access services — to establish what an unauthenticated attacker could reach and exploit. Internal testing assumes the breach has already happened: starting from a network foothold, our consultants attempt privilege escalation and lateral movement to show what a compromised device or rogue insider could actually access. Either can be scoped as a black-box, grey-box or white-box exercise, depending on how much knowledge you want the testers to start with.

Infrastructure penetration testing, not just a scan

This is expert-led manual testing following OWASP, NIST and PTES methodologies. Our CREST-accredited consultants chain weaknesses together — a forgotten service here, a weak credential there — and exploit them where safe and agreed, to demonstrate real-world impact rather than listing theoretical issues.

The engagement runs through Sentry: scoped via a tailored questionnaire and call, findings uploaded in real time, and immediate alerts for critical and high-severity issues while testing is still under way. You receive a board-ready executive summary, detailed technical findings with evidence, CVSS scores and remediation guidance, plus a debrief with your tester. Testing windows are agreed around your operations, with out-of-hours options where change freezes or trading hours demand them.

Free retesting of critical and high-severity findings on internet-facing assets is included as standard, so your external test does not just find problems — it confirms they are fixed. Results support PCI DSS, ISO 27001, Cyber Essentials Plus and cyber insurance requirements, and findings remain in Sentry for remediation tracking and year-on-year comparison.

What you get

Both attack directions

External perimeter testing and internal assumed-breach testing, separately or combined in one engagement.

Expert-led exploitation

CREST-accredited consultants chain and exploit weaknesses where agreed, showing real impact rather than raw scan output.

Real-time findings in Sentry

Issues appear as they are found, with immediate alerts for anything critical or high severity.

Free retesting included

Critical and high findings on internet-facing infrastructure are retested at no extra cost after you fix them.

Compliance-ready evidence

Reports support PCI DSS, ISO 27001, Cyber Essentials Plus and cyber insurance requirements.

How it works

  1. 01

    Scoping and agreement

    Complete a short questionnaire tailored to the test type, then join a scoping call with a consultant. You receive a clear proposal and Statement of Work, and your project is created in Sentry. Typically one to two weeks.

  2. 02

    Pre-engagement preparation

    Your consultant is assigned and logistics are arranged: IP whitelisting, credentials, access and rules of engagement. The testing window is scheduled around your business. Typically one week.

  3. 03

    Testing execution

    Expert-led manual testing begins. Findings appear in Sentry in real time as they are discovered, you are alerted immediately to critical and high-severity issues, and you can message your consultant throughout. From two days for a small web application to fifteen or more for enterprise estates.

  4. 04

    Reporting and delivery

    After quality assurance you receive a board-ready executive summary and detailed technical findings with evidence, CVSS scores and remediation guidance, followed by a debrief session. Findings remain in Sentry for remediation tracking and comparison with future tests.

Frequently asked questions

Straight answers to what prospective clients ask us most.

What is the difference between internal and external penetration testing?

External testing targets your public-facing systems from the internet, as an outside attacker would. Internal testing starts from inside your network — simulating a compromised device or malicious insider — and focuses on privilege escalation and lateral movement. Most organisations benefit from both.

How much information do we need to provide?

That depends on the agreed approach. Black-box testing starts with no prior knowledge, grey-box provides limited information such as diagrams or access, and white-box gives full visibility for maximum depth in the time available. We recommend the approach during scoping — white-box typically delivers the most value for money.

Does the free retest apply to infrastructure testing?

Yes, for internet-facing infrastructure. Critical and high-severity findings from your external test are retested free of charge — just request the retest through Sentry within two calendar months of your report being released.

Will testing disrupt our network?

The risks are very low. Testing windows, rules of engagement and any fragile systems are agreed in advance, our testers use safeguards to minimise operational impact, and you can reach your consultant instantly through Sentry if anything needs to pause.

Ready to talk about infrastructure (external / internal)?

Get a fixed-scope quote, usually the same working day.