Security Testing

Wi-Fi

Wireless security testing that finds the weak encryption, rogue access points and segregation gaps an attacker in your car park is looking for.

An attacker does not need to breach your firewall if they can join your network from the car park. Our WiFi penetration testing (Wi-Fi security assessment) shows whether your wireless estate is a hardened extension of your network — or an open side door into it.

Our CREST-accredited consultants assess your access points, encryption protocols, authentication mechanisms and network configuration against the attacks used in the real world: cracking weak or shared credentials, exploiting misconfigured WPA2 and WPA3 deployments, standing up rogue access points and evil-twin networks to capture user credentials, and hunting for unauthorised access points staff may have connected themselves. Captive portals and pre-shared key management are reviewed too, because weak processes routinely undo strong encryption.

What Wi-Fi penetration testing covers

Just as important as getting on the network is what an attacker can reach once connected. We test the segregation between corporate, guest and IoT wireless networks and the wired estate behind them — because a guest network that can see your servers is not a guest network. Where agreed, testing continues past the initial foothold to demonstrate the real-world impact of a wireless compromise.

The engagement runs through Sentry like all our testing: a tailored scoping questionnaire and call, findings uploaded in real time, immediate alerts for critical and high-severity issues and direct messaging with your consultant. Reporting includes a board-ready executive summary and detailed technical findings with evidence, CVSS scores and practical remediation guidance, followed by a debrief.

Wireless testing is typically delivered on-site at your premises, scoped around your locations and estate size, and combines naturally with internal infrastructure testing in a single engagement. Multi-site organisations can sample representative locations or rotate testing across sites year by year. Results support PCI DSS, ISO 27001 and Cyber Essentials Plus evidence, and findings remain in Sentry for remediation tracking and comparison with future assessments.

What you get

Real-world wireless attacks

Credential cracking, rogue access points, evil twins and misconfiguration abuse — the techniques attackers actually use.

Segregation put to the test

We verify that guest, corporate and IoT networks are genuinely isolated from each other and from your wired estate.

Rogue access point discovery

Unauthorised or forgotten access points are identified before an attacker finds them.

Real-time findings in Sentry

Issues appear as they are discovered, with immediate alerts for critical and high-severity findings.

Compliance-ready evidence

Reports support PCI DSS, ISO 27001 and Cyber Essentials Plus requirements for wireless security.

How it works

  1. 01

    Scoping and agreement

    Complete a short questionnaire tailored to the test type, then join a scoping call with a consultant. You receive a clear proposal and Statement of Work, and your project is created in Sentry. Typically one to two weeks.

  2. 02

    Pre-engagement preparation

    Your consultant is assigned and logistics are arranged: IP whitelisting, credentials, access and rules of engagement. The testing window is scheduled around your business. Typically one week.

  3. 03

    Testing execution

    Expert-led manual testing begins. Findings appear in Sentry in real time as they are discovered, you are alerted immediately to critical and high-severity issues, and you can message your consultant throughout. From two days for a small web application to fifteen or more for enterprise estates.

  4. 04

    Reporting and delivery

    After quality assurance you receive a board-ready executive summary and detailed technical findings with evidence, CVSS scores and remediation guidance, followed by a debrief session. Findings remain in Sentry for remediation tracking and comparison with future tests.

Frequently asked questions

Straight answers to what prospective clients ask us most.

Does Wi-Fi testing require a site visit?

Usually, yes — wireless attacks are constrained by radio range, so testing from where an attacker would sit gives the truest picture. Multi-site estates can be sampled sensibly, and we agree the approach during scoping.

Is our guest Wi-Fi really a risk?

It can be. Guest networks are only safe if they are properly segregated from your corporate systems — a common failure we find is guest traffic that can reach internal servers or management interfaces. Testing verifies the isolation actually holds.

We use WPA3 — do we still need testing?

WPA3 raises the bar but does not remove the risk. Misconfiguration, transition modes, weak authentication back-ends and rogue access points all remain exploitable, and only testing shows how your specific deployment stands up.

Can Wi-Fi testing be combined with other testing?

Yes. Wireless testing pairs naturally with internal infrastructure testing — together they show both how an attacker gets onto your network and how far they could go afterwards — and can be scoped into a single engagement with one report.

Ready to talk about wi-fi?

Get a fixed-scope quote, usually the same working day.