24/7 SOC







Penetration Testing Service

A penetration test evaluates the ability of a computer, network or software application to withstand a cyber attack. The test and its associated penetration test report are essential audit tools for the cyber risk assessment of an IT system. They are used as a practical guide to improve the security of an IT system and to meet the organisational requirements for compliance to standards that include the Payment Card Industry Data Security Standard (PCI DSS) and ISO 27001.

What is a penetration test?

Penetration testing or ethical hacking uses a series of automated and manual processes to discover the security weaknesses in an IT network, web site or application. Performed with the permission of the system owner, security vulnerabilities are identified and exploited to demonstrate how they can be used to facilitate a cyber attack. Measures and controls to prevent or mitigate the impact of an attack are recommended for each major vulnerability.

What is a vulnerability assessment (VA)?

A vulnerability assessment involves the use of software tools that automatically scan computers, networks, web sites and software applications for security weaknesses. Commercial vulnerability scanners include Nessus, Metasploit and Acunetix. Vulnerability scans are performed at the start of every penetration test to quickly provide a comprehensive list of all known insecure network configurations and vulnerabilities.

Simulated attack and exploitation

The weaknesses identified by vulnerability assessment are manually reviewed and ranked by their potential impact on the organisation. Using the techniques and tools employed by hackers, our experienced penetration testers perform simulated exploits on the vulnerabilities with the highest risk. Each manual exploit is fully documented to demonstrate the attack strategy, its methodology and where possible, factual evidence of exploitation.

Penetration test report

The Wizard Cyber Penetration Test Report includes an overview of the tests performed, an executive management summary, a technical summary and a technical detail section. The Common Vulnerability Scoring System (CVSS) describes the principal characteristics of a vulnerability and defines a numerical score reflecting its potential severity of impact. Remedial activities that prevent or mitigate the cyber exploits associated with each vulnerability are identified and linked to references that provide further detailed background information.

Our Team

The Wizard Cyber penetration testing service is delivered by an experienced team who are certified by CREST (the Council of Registered Security Testers) and have over 15 years of combined experience in the field of information assurance and penetration testing. They are guided by the best practice testing methodology as published by OWASP, OSSTMM, CVSS and the SANS Institute.


Wizard Cyber Penetration Testing Services

Network Penetration Testing

A network penetration test is designed to assess an IT network for vulnerabilities and security issues in its servers, hosts, devices and network services. It particularly focuses on the ‘external view’ as seen by a hacker with respect to Internet-facing assets such as firewalls, intrusion prevention systems, web sites and unauthorised access.

Web Application Penetration Testing

At the heart of modern banking, e-commerce and cloud-based IT provision, web applications are an attractive and easy target for cyber criminals. In common with all software, they contain vulnerabilities which can be exploited by a hacker to steal confidential information directly or to create a transmission platform to infect another computer with malware.

Wireless Penetration Testing

Wireless technologies provide seamless access to IT resources from desktop and mobile devices. They also provide cyber criminals with the opportunity to exploit wireless vulnerabilities associated with logins, passwords, rogue access points, fingerprinting and information leakage.

The benefits of a penetration test

  • Protect your company from cyber attack – prevent theft and loss of reputation
  • Deliver effective cyber security management – select and invest in the best security controls
  • Independent expert assurance – check that security controls are working as intended
  • Protect against compliance breaches – avoid costly fines and litigation
  • Satisfy compliance requirements – achieve and maintain FCA, PCI DSS, GDPR and ISO 27001
  • Demonstrate your cyber security posture – build a secure brand and win new business

Penetration Testing Process

  • null


    → Assessment of requirements and objectives for the network, web site or web app

  • null


    → Manual and automated information gathering to validate details of the scope

  • null


    → Automated Scanning – vulnerability assessment using scanner applications
    → Manual Testing – individual simulated attacks by qualified penetration tester

  • null


    → Full report on vulnerabilities and recommended remedial activity

  • null


    → Remedial activity is implemented, and the test is repeated to check the effectiveness of the new controls

Why use Wizard Cyber for network penetration testing?

  • Experienced Consultants – With over 15 years combined corporate expertise in the field of information assurance & penetration testing
  • Bespoke penetration testing – We will develop a test that fits your business needs
  • Testing Tools – We use open source and commercial tools and our own testing apps developed by our in-house software development team
  • Fully accredited – Certified by CREST and with qualifications from EC Council, Offensive Security and SANS
  • Reporting – Clear and easy to understand reports including recommendations for remediation and improvement
  • Fair Pricing – Fixed price proposals with fully detailed project scope and no unexpected costs