You are here: Home / Professional Services / Security Testing & Assurance / CREST Penetration Testing

A penetration test is a point-in-time, authorised, simulated attack on a target organisation, applying the same tactics, techniques and procedures a real attacker would use. The benefit of a penetration test is that it provides assurance in the investment an organisation has made in cyber security, by attempting to breach the security controls in place.

Penetration tests are objective driven, aiming to achieve unauthorised access to critical systems, applications, and data.

At Quorum Cyber we utilise a combination of automated software tools, proprietary scripts, and manual techniques to test the targets for exploitable vulnerabilities that would allow unauthorised access to system components, applications and data.

Our CREST Penetration Testing Service

Carrying out regular testing allows organisations to replicate a real-life attack scenario in a controlled environment, without any of the dangers involved in an authentic breach.

Quorum Cyber’s CREST Penetration Testing Service is available on the UK Government G-Cloud Framework;

  • MITRE ATT&CK Threat Emulation
  • Cloud Security Assessments
  • External, Internal, Web Applications, Wireless and Mobile Infrastructure
    Social Engineering and Phishing Simulations
  • Secure Source Code Review

Penetration Testing FAQs

A penetration test is one of the most powerful and effective ways to understand and improve your organisations security posture.

We answer the questions commonly asked by first-time penetration testing customers and provide guidance to help you maximise the benefits of your penetration testing experience.

What is a Penetration Test?

A penetration test is a point-in-time, authorised, simulated attack on a target organisation, applying the same tactics, techniques and procedures a real attacker would use.

What is the objective of a Penetration Test?

The objetive of a Penetration Test is to achieve unauthorised access to critical systems, applications, and data.

Should I use the same supplier for a repeat Penetration Test?

Most people consider it ‘best practice’ to alternate between two service providers.  This gives the customer a chance to compare value and/or quality.

However, the customer must first decide whether the building of not one, but two, solid working relationships represents good value for time/money before opting for this approach.  In many cases, having a pre-existing, well-nurtured relationship with one single (trusted) supplier is the preferred option.  This also has added benefits in so far as, the appointed Tester already has a working knowledge of your organisation, as well as some of the daily challenges it faces.

How does a Penetration Test differ from a Vulnerability Scan?

A Vulnerability Scan will search a system for any known vulnerabilities.

A Penetration Test will attempt to actively exploit weaknesses in a security environment.  Where a Vulnerability Scan can be fully automated, a Penetration Test requires varying degrees of expertise if it is to be successfully implemented.

How often do I need to conduct a Penetration Test?

This answer can vary depending on the nature of the organisation and/or the wider market.  However, conducting regular Penetration Tests is essential for maintaining good network security management.  It is recommended that an organisation carries out a Penetration Test at least once a year (1-2 times is the ideal number) in order to properly assess how emerging threats or vulnerabilities may be used to exploit your business.

Explore our latest content and resources

Here you will find our latest news, comprehensive technical blog and thought leadership on developing cyber security related issues.