Our Penetration Testing Process

What Is Involved in Our Penetration Tests?

We provide a range of penetration tests, including mobile application, cloud technology, web application and infrastructure testing. We are able to provide bespoke tests to suit your business requirements.

1. The Scoping Stage

The initial stage will involve our team working with you to understand your needs. If you are unsure of what is required, we will explore with you a pen testing approach that best suits you.

During this phase we also seek to establish a scope, key contacts and timescales, engage any of your third parties and ensure we have all the legal aspects covered.

The scope will define which networks, applications, databases, accounts and other assets you want to be tested.

2. The Assessment Stage

We use industry-recognised practices such as the Open Web Application Security Project (OWASP), the Council of Registered Ethical Security Testers (CREST), the Open Source Security Testing Methodology Manual (OSSTMM) and Open Source Intelligence (OSINT) to penetration test the selected services.

If we identify a critical issue, we will inform you immediately, as the vulnerability may pose an immediate risk. We can deliver the assessment phase on your premises or remotely, depending on your requirements and the technical components and environment being assessed. Some of our clients like to watch our penetration testing team at work, and this can also be arranged if required.

Our tests are open and transparent, and you are able to view our findings in real time on our secure portal.

3. The Reporting Stage

Once the test has concluded, we compile all the evidence collated during the test and develop a report which includes full details of the assessment, the findings and specific remedial guidance to address the findings.

Our reports are written in easy-to-understand language so that you are able to understand how to fix any issues found. Our reporting is also supported with high-quality graphical content and can be tailored easily for an executive or technical audience.

We can also provide redacted content that you may want to share with your clients.

4. The Implementation Stage

Following the penetration test, we can work with you to remediate any issues found. We are able to recommend and implement vulnerability management solutions, which can support you with ongoing identification, risk quantification and remediation of vulnerabilities. We are vendor neutral as an organisation but have extensive experience with many industry and open-source products to suit individual client requirements.

We also have a team of engineers that can support you in carrying out the remedial actions required, which often helps our clients if they have resource challenges or skill gaps that prevent them from addressing certain findings.

5. The Management Stage

Threats and vulnerabilities appear daily. Identifying, quantifying and remediating them presents a continual challenge that all organisations can find difficult to manage.

We at Bridewell provide penetration testing and vulnerability management services on a continual basis, including dark web monitoring.

6. Dark Web Monitoring Stage

We provide dark web monitoring services. Using industry-recognised technology, we are able to monitor activity within the dark web to provide our clients with ongoing intelligence relating to their company and critical systems.
