Penetration Testing allows you to identify where the weak points in your security are.
Conducting Penetration Testing against your people, process and technology will give you an insight into how well security operates throughout your business and how well your people, process and technology are able to withstand an attack.
We use our global reach and research insights to collect, process and analyse how threats are evolving. This allows you to stay informed about general threats, industry-specific threats and very targeted threats to your organisation.
Hedgehog Security provides CREST approved Penetration Testing services to businesses of all sizes. Our growing team includes:
All of our CREST engagements are carried out by CREST certified and highly qualified individuals. If you want the very best testing, make sure you ask for a CREST qualified tester.
You can review our CREST membership status here
Our methodology is based on the Penetration Testing Execution Standard.
Defining scope is arguably one of the most important components of a penetration test, yet it is also one of the hardest. While defining your scope, we will require a technical scoping call between one of our penetration testers (usually the tester who will be doing the work) and your technical team. This is so we can understand what you want tested, the boundaries of the testing and what is within scope. It is also very important to us to discover whether there is anything that could be adversely affected by the testing.
We will also look to understand what you want out of the test. Is it a test to satisfy your clients or regulators, for example? This way we can produce a set of reports following the test that are best suited to your circumstances.
This section defines the Intelligence Gathering activities of a penetration test which is usually carried out as a first activity following the placing of an order. The purpose of this is to provide the tester with a working methodology designed specifically for the pentester performing the test. This part of the engagement produces a document that most clients never see, detailing the thought process and goals of the penetration test.
The Intelligence Gathering levels are currently split into three categories, and a typical example is given for each one. These should guide the adding of techniques in the document below. For example, an intensive activity such as creating a Facebook profile and analysing the target’s social network is appropriate in more advanced cases, and should be labelled with the appropriate level. See the mindmap below for examples.
Compliance Driven Engagement: This is mainly a click-button information gathering process using a series of automated tools and is done to support tests being undertaken for PCI-DSS / FCA / HIPAA etc.
Best Practice Engagement: This level builds on the previous section, and further manual analysis is performed. A good understanding of the business, including information such as physical location, business relationships, org charts etc., is gained and added to the test notes. This is really valuable when conducting a test against a harder target or a business that is looking to take security and defence to the next level.
Continual Cyber Assurance: Our Continual Cyber Assurance penetration tests require greater levels of information and build on the previous two with a lot of manual analysis. Detailed information on social networks, heavy analysis of open source intelligence data sets and a deep understanding of business relationships are developed over a large number of hours to accomplish the gathering and correlation.
Vulnerability Analysis is the process of discovering flaws in systems and applications which can be leveraged by an attacker, and by your Penetration Tester. These flaws can range anywhere from host and service misconfiguration to insecure application design. Although the process used to look for flaws varies and is highly dependent on the particular component being tested, some key principles apply to the process.
When conducting vulnerability analysis the tester will properly scope the testing for applicable depth and breadth to meet the goals and/or requirements documented in the Pre-Engagement scope section of work. Depth values can include such things as the location of an assessment tool, authentication requirements, etc. For example, in some cases it may be the goal of the test to validate that mitigation is in place and working and that the vulnerability is not accessible, while in other instances the goal may be to test every applicable variable with authenticated access in an effort to discover all applicable vulnerabilities.
Whatever the scope, the testing is tailored to meet the depth requirements to reach your goals. Depth of testing is always validated to ensure the results of the assessment meet the expectation (i.e. did all the machines authenticate, etc.). In addition to depth, breadth must also be taken into consideration when conducting vulnerability testing. Breadth values can include things such as target networks, segments, hosts, applications, inventories, etc. The breadth of testing is always validated to ensure we have met your testing scope (i.e. was every machine in the inventory alive at the time of scanning? If not, why?).
The exploitation phase of a penetration test focuses solely on establishing access to a system or resource by bypassing security restrictions. As a considerable amount of vulnerability analysis will have been performed prior, this phase is well planned and precise. The main focus is to identify the main entry point into the organization and to identify high value target assets.
During this phase we may take on the persona of the main chaotic actors that could affect your business. This may be an external attacker that has gained access and wishes to proceed quietly and unnoticed, or it may be an internal attacker who is not too particular about the amount of noise created. We may even take the persona of malware, simulating a malware attack that was successful in the initial stages following a phishing attack.
The purpose of the Post-Exploitation phase is to determine the value of the machine compromised and to maintain control of the machine for later use. The value of the machine is determined by the sensitivity of the data stored on it and the machine's usefulness in further compromising the network. The methods described in this phase are meant to help the tester identify and document sensitive data, identify configuration settings, communication channels, and relationships with other network devices that can be used to gain further access to the network, and set up one or more methods of accessing the machine at a later time. In cases where these methods differ from the agreed upon Rules of Engagement, the Rules of Engagement must be followed.
This is the most important area for you. This is where we bring together all the information we have gathered into a document. A report is typically split into three parts:
Executive Report: This is a high-level, non-technical report and delivers the main messages of the test results. This section is heavy on management level terminology, charts and graphs.
Penetration Test Report: This is the critical information around your penetration test. Here we document what we did, how we did it and whether or not it was successful.
Technical Report: This is the technical detail on each of the issues found and an overview of how to fix the issue.
The reporting phase can take up to a week to complete as we have a highly robust 3 stage Quality Assurance process.