Penetration Testing Services

Aptive are a UK penetration testing company providing internal and external web & network pen testing services. Our manual pen testing helps with compliance standards such as PCI DSS & ISO 27001.

Penetration Security Testing Services:

The following section outlines the manual penetration testing services offered by Aptive, which are tailored to the specific needs of UK businesses and organisations. Our cybersecurity experts possess extensive experience in addressing the distinctive security requirements of UK organisations. By employing industry-standard testing methodologies and tools, we are able to identify vulnerabilities, prioritise risks, and provide actionable recommendations to proactively identify potential security risks within your organisation.

Penetration Testing Services:

External Network Penetration Testing Services

A network infrastructure penetration test is performed externally or internally to identify vulnerabilities and security issues at the infrastructure level. After discovery, vulnerabilities are safely exploited, confirming if the vulnerability exists. The process is manual, removing false positives typically returned by automated tools and vulnerability assessments.

Typical Issues:

API & Web Application Penetration Testing

Web application penetration testing is a method of simulating a real-world attack in order to identify security issues within an organisation’s web applications or web services, such as REST APIs. The identified vulnerabilities are documented in a severity-ordered report, which includes clear recommendation instructions, allowing the organisation to fix and secure the identified security issues.

Typical Issues:

Mobile Application Security Assessment Service

Mobile app penetration testing is a manual assessment conducted by our consultants against a mobile application. The assessment is typically dynamic, conducted while the application is running, although the client may opt to make the source code available for the assessment. Providing source code optimises testing time by allowing for faster discovery and validation of security vulnerabilities, and removes the need to reverse engineer binaries.

Typical Issues:

Internal Network Assessment Services

Internal network penetration testing is conducted on-site or via the deployment of an appliance, which enables our team to connect remotely. The deployment of an appliance on-site affords penetration testers the flexibility to perform work outside of normal business hours, thereby reducing costs and the risk of business disruption.

Typical Issues:

Advantages of Performing Security Testing

The identification of cybersecurity issues and risks is a crucial aspect of any organisation’s IT security strategy. A comprehensive overview of the current state of IT security is essential for any organisation seeking to evaluate its compliance with various standards, such as PCI DSS and ISO 27001. A certified consultant can provide invaluable assistance in this process, verifying the presence of identified security issues and offering a practical overview of the current state of IT security.

  • Obtain an understanding of the present security status – the assessment provides a report with a prioritised list of identified security issues for your organisation based on risk and severity
  • Address compliance requirements – many regulatory and compliance standards such as the GDPR, ISO 27001 and PCI DSS recommend or require annual testing
  • Protect your company brand and reputation – by identifying security issues you’re taking a step to help prevent a data breach
  • Manage resources – using the severity-ordered remediation plan, accurately assign your organisation’s resources to remediate high severity issues first
  • Justify budget – using Aptive’s report you can reach out to non-technical budget controllers or stakeholders and justify additional budgets for resources / hardware to improve your organisation’s cyber security
  • Test existing controls – many organisations spend large amounts of their budgets implementing security protection devices such as firewalls, WAFs, and vulnerability management. Assessment will help identify if controls are configured correctly and are working as expected

Why use Aptive

Certified Consultants

Performed by OSCP certified testers.

Free Retesting

Free retesting on discovered security issues within 30 days.

Proven Methodology

Aptive performs security assessments based on the OWASP methodology.

Easy to Understand Reports

Discovered security issues in severity order with clear remediation instructions.

Fixed Price Proposals

Transparent costs and fixed price proposals, giving you peace of mind.

Custom Service

Custom Testing tailored to your business requirements.

Request a penetration testing quote today

  1. Scoping: Working with you to identify all systems / applications that require assessment.
  2. Testing: Security testing is conducted by our certified consultants, following our internal methodology.
  3. Reporting: Delivering clear, easy to understand, severity-ordered reports, detailing identified issues and providing concise remediation steps.
  4. Debrief: Further explanation and demonstrations of vulnerabilities / exploits.
  5. Retesting

46% of UK businesses overall identified cyber security breaches or attacks in the last 12 months

Cyber Security Breaches Survey 2017 – GOV.UK

45% of breaches were micro/small businesses

Cyber Security Breaches Survey 2017 – GOV.UK

66% were medium to large businesses

Cyber Security Breaches Survey 2017 – GOV.UK

74% of UK businesses where directors or senior management say cyber security is a high priority

Cyber Security Breaches Survey 2017 – GOV.UK

How often should Penetration Testing be conducted?

Assessments should be performed on a regular basis to ensure newly discovered threats and vulnerabilities are discovered and resolved before any potential attacker detects and exploits them in a real world scenario. In addition to regular security assessments demanded by regulatory and compliance standards, network security audits should also be completed when:

  • New changes to network infrastructure
  • External servers or applications are deployed (including cloud / external servers)
  • Significant upgrades or modifications to infrastructure or applications
  • At new office locations
  • After the company acquires other companies (including mergers)
  • After security patching to ensure applications and infrastructure are no longer vulnerable

Testing Methodology

Below is an overview of Aptive’s testing process.

Discovery / Reconnaissance

Discovery takes place before any engagement is conducted; the process involves collecting as much information about the organisation or application as possible.

Network Mapping / Enumeration

In scope addresses are manually enumerated for useful information such as services and versions.

Service Enumeration

As much information as possible is gathered / enumerated from each exposed service.

Vulnerability Assessment

After enumeration of the server(s) / network, a vulnerability assessment is completed, helping identify known public vulnerabilities. This process helps identify information that can be manually assessed in the next step.

Password Testing

Depending on client requirements, discovered forms or password hashes are tested using the latest password recovery techniques, helping identify if current password policies are sufficient.

Vulnerability Research

Services revealed at the enumeration and vulnerability assessment stage are researched for public exploits and/or known exploit methods.


Discovered services are manually and safely tested or exploited to confirm if they are vulnerable.


Successfully compromised machines are locally enumerated for valuable data. If possible (scope permitting), user privileges are escalated to admin / root. Screenshots of account privilege level or discovered data are taken for evidence.

Lateral Movement

In lateral movement, compromised machines are used to route traffic, allowing the pen testing consultant to access the internal network or other machines / network subnets. This demonstrates the risk of a potential breach and how far an attacker may get within the target company's network.


All discovered security findings are documented in a severity-ordered report with clear, concise remediation instructions and their associated risk and impact.


All our manual assessment services come with free retesting on reported findings.


How Much Does a Penetration Test Cost?

All our penetration testing services are performed manually using methodologies based on industry-approved frameworks such as OWASP. If you would like to sample the quality of our work you can request an example report.

| Type | Starting Price | Description |
| --- | --- | --- |
| External Network | Request Price | Price for an external test for up to 10 external IP addresses, pen testing assesses an organisation's network & infrastructure externally, helping identify vulnerabilities & security issues. |
| Internal Network | Request Price | Price for internal test for up to 25 internal addresses, pen testing is performed inside the corporate network, assessing operating system & infrastructure security vulnerabilities. * |
| Web Application | Request Price | Price for a manual security assessment of a single web application consisting of less than 25 static or dynamic pages, 1 level of authentication. The web app security test includes file upload testing and all areas of the OWASP top 10. |
| Mobile Application | Request Price | Price for a manual mobile app security assessment for a single iOS or Android application, mobile apps are assessed using a methodology based on the OWASP mobile testing framework. |
| Wireless | Request Price | Wireless network security audit, performed manually. Price is for a single AP as part of an internal pen test, additional APs can be added for an additional charge. |

Prices are in GBP + VAT. Prices are provided as examples to help potential clients. * Custom services and web applications are not included. All our security services meet the requirements / recommendations for PCI DSS 3.2 and ISO 27001.

The cost of a penetration test can vary widely based on several factors, including the scope of the test, the complexity of the systems being tested, the size of the organisation, and the specific requirements of the engagement. You can contact us to confirm.
The duration of a penetration test can vary based on several factors, including the scope of the test, the complexity of the systems being assessed, and the specific goals of the engagement. You can contact us to confirm.
The turnaround time can vary based on factors such as the scope of the test, the complexity of the systems being assessed, and the specific requirements of the engagement. You can contact us to confirm.
Yes, our services make use of the best in industry automated tools to improve coverage and complement our manual testing methodologies. You can read more about VAPT in our Cyber Security knowledge base.
A penetration test, often abbreviated as “pen test,” is a simulated cyber attack on a computer system, network, application, or organization conducted by ethical hackers or security professionals. The primary goal of a penetration test is to identify and evaluate the vulnerabilities and weaknesses within the target system, with the aim of providing recommendations to improve security. For more information see our what is penetration testing guide.
Yes, we offer US penetration testing services, including all major cities in the United States. For more information, see our US penetration testing services page.