Penetration Testing

We believe that we exist to secure the connected and grant the opportunity of a better online life. Penetration testing helps you achieve that.

We demonstrate this in the way we conduct our Penetration Testing. Just running a bunch of scripts from a Kali-installed laptop is not pentesting. We use experience, skill, research and human intuition to provide the best penetration testing on the market.

Penetration Testing - What is it?

Penetration Testing is also known as pen testing or ethical hacking. It is the systematic process of discovering security weaknesses within people, process and technology.

During a penetration test, the attackers, played by the penetration testers, act on your behalf to find and test security weaknesses: the weaknesses that criminals or people with malicious intent could exploit. We do this following a methodology. The best way to think of a methodology is as a recipe book; it is the guide at the centre of everything we do on penetration tests. Our methodology is the Penetration Testing Execution Standard. For Web Applications, we further incorporate the OWASP Testing Guidelines v4. There are seven steps to any penetration test in our methodology:

This is one of the most critical steps in ensuring success in your penetration test. The Pre-Engagement is where we work together to rigorously define the scope and the goal of the test. We do this through a scoping call, which you can book online at a time and date convenient to you.

During the intelligence gathering phase, we will review any documents or information you have provided us. We will then scour the internet and, to an extent, the dark web, to identify any further information or data that could be beneficial to your test. The typical documentation we are looking for includes system architecture, data flow, infrastructure, concepts, password hashes, names, identities etc.

The reconnaissance phase builds on the Intelligence Gathering stage through the use of active, in-depth technical review of the scoped environment. We will delve into each of the systems/applications in scope to identify the component structure.

This part of the penetration test is one of the most time-consuming. Vulnerability Analysis starts with a series of reviews of the scoped environment using vulnerability scanning tools. These identify known vulnerabilities. Every one of these is then manually reviewed and validated. Once the automated scans are complete and the vulnerabilities confirmed, the tester then moves on to attempting to find unknown vulnerabilities manually. With Web Application testing, the bulk of the time is spent in manual vulnerability analysis.

The exploitation phase is where we take all the vulnerabilities we have identified and use them to try to reach the goal set out in the Pre-Engagement step. We review each of the vulnerabilities, identify any exploits available for use and perform exploitation in a safe and controlled manner. In Web Application testing, this might lead us to bypass authentication controls or hop to other user accounts. In Infrastructure testing, this might result in the tester being able to sniff passwords on the network or gain access to a server. The goal of exploitation is to work incrementally towards achieving the objectives of the test. Once exploitation is successful, the process restarts at Intelligence Gathering within the context of the exploited system or application.

During the post-exploitation aspect of the testing, the tester will be analysing all of the gathered data and the results of individual tests. The analysis includes categorising the detected vulnerabilities and prioritising them per the business and technical context. It is during this step that further testing needs are identified, and the tester will loop back and test or retest specific areas so that complete scope coverage is assured.

The very last stage of the penetration test is the summarisation of the testing and the drawing of a conclusion.

At the end of every engagement is a test report. The report details what was done, what was found, and what should be fixed. These findings may be:

  • Inadequate or improper configuration settings
  • Known or previously unknown software or hardware flaws
  • Operational gaps within business processes or technical controls.

Our testers are security professionals who spend 25% of their year researching new techniques, understanding the latest attacks and keeping up their professional qualifications. They use their skills honed within this time to mimic the methods used by criminals. They do this without causing you damage. 

Hedgehog Security is a CREST approved member company operating in the UK, across Europe, the Middle East and Asia. Hedgehog Security is authorised to conduct Penetration Testing, Vulnerability Assessments and Cyber Security Consulting, as well as carrying out Cyber Essentials assessments through IASME.

Our Approach

Our approach to every test follows the Penetration Testing Execution Standard and the OWASP Testing Guidelines in their current form. These methodologies are then wrapped into our CREST approved testing methodology.

Understand the environment, system or application in test. Gather any intelligence from public sources.

Explore and map out the parts of the environment to be tested. Overlay OSINT data gathered in the previous step. Create a picture of the client.

Search for exploitable vulnerabilities that may exist in exposed services, APIs, people, applications or hardware.

Attempt to exploit identified vulnerabilities using a combination of public exploits, commercial tools and internally developed tools and exploit code.

Document everything that has been performed, what worked and what didn’t, and create a risk-focused test report that provides the right level of detail.

Penetration tests can be performed as black box tests where the tester has zero knowledge of the environment, grey box where the tester has minimal information or white box where the tester has a starting knowledge of the environment. For the ultimate in penetration testing, we can perform a comprehensive Red Team style test.

All tests are performed by highly qualified penetration testers. All testers are OSCP, OSWE and CREST CRT qualified. We simulate real-world attacker techniques, and our testing comprehensively covers all necessary aspects to satisfy FCA, PCI-DSS and Government requirements for a penetration test.

Cost of Penetration Testing

There appears to be much secrecy in the cybersecurity industry over the cost of penetration testing. While this is true to an extent, it is mostly because every test is a little different, from the number of systems involved to the depth of testing, goals required and technologies. Each of these varies the cost, some in a small way and others to a great extent.

To help visitors to our site understand the costs involved, we put together the following examples based on our most common tests.

Test Type Scope Possible Price Range

Internal penetration test against all internal systems. This comprises:

  • 50 Windows workstations (mix of PCs and laptops) on one single Active Directory domain
  • 4 Windows servers (all VMs on one VMware server)
  • 3 printers
  • VoIP phone system
  • 2 Wireless networks

Mobile App

One Android-based mobile application. Simple user interface that is used to collect field data from a user on jobs and send that data back to a cloud-based server. No local information is stored on the application and all authentication is performed across the mobile networks to the application server.

Web Application

A PHP application based on the Laravel framework that allows users to subscribe to our service, create news feeds and blog entries and sell their goods on our platform.

  • 50 dynamic pages
  • 100+ static pages
  • 300 points of interaction
  • 3 card payment options for client use
  • 3 user levels: Admin, Shop Staff and Customer


Testing must meet requirement 11.3 of the PCI-DSS due to the card payments.


These are of course just examples. We regularly perform penetration testing engagements for clients from 1 day up to 60 days. It is all dependent on the scope of the test.

Penetration Testing versus [Secure]

[Secure] is our online Attack Surface, Vulnerability Management and Cyber Risk monitoring platform. For all subscribers to [Secure] we offer 20% off all Penetration Tests. We do this because, as good as vulnerability scanning is, it is not a penetration test. To put it into the context of the Approach section above, [Secure] will only do two sections of the methodology: Reconnaissance and Vulnerability Assessment.

In order to get a full picture of Cyber Risk you must combine the regular use of [Secure] with scheduled penetration tests.

Penetration Testing versus Vulnerability Scanning

Vulnerability Scanning is a simple process. It is where a piece of software scans the IP address or URL to identify any known vulnerabilities. To put it into the context of the Approach section above, a vulnerability scan will only do one section of the methodology: Vulnerability Assessment.

In order to get a full picture of Cyber Risk you must combine the regular use of vulnerability scans on a weekly or monthly cycle with scheduled penetration tests.

Types of Penetration Testing Performed

In the table below, you can see our core areas of penetration testing along with the common objectives and the benefits the testing brings to the business. Along with this, we have included an example price. The example price is based around a typical small engagement for a small business with outsourced IT systems, 2 web applications and 50 staff.

For an accurate price on your pentesting needs, simply call or email us and we will be more than happy to have a scoping call and provide you with an accurate cost and timescale.

Our Test Type, Objective and Benefit

External Penetration Test
  • Objective: Identify and exploit vulnerabilities on systems, services and applications exposed to the internet.
  • Benefit: Understand risks to assets exposed to the internet.

Internal Penetration Test
  • Objective: Simulate a malicious insider or an attacker that has gained access to an end-user system, including escalating privileges, installing custom malware or extracting critical data.
  • Benefit: Understand risk to business from a breach.

Web Application Testing
  • Objective: Comprehensively assess web or mobile applications for vulnerabilities that can lead to unauthorised access or data exposure.
  • Benefit: Understand the security of applications that grant access to critical data.

Mobile Device Assessments
  • Objective: Comprehensively assess the security of mobile devices and installed applications.
  • Benefit: Understand risk introduced through mobile applications.

Social Engineering
  • Objective: Assess the security awareness and general security controls with respect to human manipulation, including email, phone, media drops and physical access.
  • Benefit: Understand how an organisation reacts to exploitation of human assets.

Wireless Technology Assessments
  • Objective: Assess the security of your deployed wireless solutions, including traditional 802.x networks, Bluetooth, Zigbee, Sub-1GHz, infrared and satellite networks.
  • Benefit: Understand how secure data in transit and systems communication via wireless technology actually are.

Embedded / IoT Devices
  • Objective: Assess the security of your device(s) by attempting to exploit the embedded firmware, control the device by passing or injecting malicious commands or modify data sent from the device.
  • Benefit: Understand the security of devices and the ability to guarantee that the commands issued to and information received from the device are safe.

Industrial Control Systems
  • Objective: Combine penetration testing and exploitation experience with ICS expert knowledge to prove the extent to which an attacker can access, exploit or otherwise interfere with critical ICS/SCADA systems.
  • Benefit: Understand the vulnerabilities in an ICS/SCADA environment before an attacker is able to exploit them.
