What are the different types of penetration testing?
We offer a variety of pen tests which can be delivered as one-offs to spot check your security, or on a recurring basis as part of an on-going security strategy. The exact type of penetration test you require will depend on your security objectives and compliance needs, and we may recommend combined testing – such as a mix of web application and infrastructure testing – to ensure we meet your goals.
Why choose us?
Pen testing services you can trust
Expect more from your penetration testing company than just a list of vulnerabilities. As one of the leading UK security testing companies, Target Defense gives you actionable intel to power faster, more effective remediations.
All findings detailed in our dashboard-driven platform
Remediation guidance included for each & every threat
Insight into business impacts, likelihood & ease of exploitation
At-a-glance prioritization to track threats & manage remediation progress
Make strategic improvements to your security posture
Target Defense Security Qualifications
OSCP & CREST certified penetration testing teams, seasoned compliance & data protection consultants and 7+ years’ experience makes Target Defense your #1 choice for a cybersecurity service provider.
Benefits of penetration testing
Uncover your security weaknesses
Penetration testing uses human skill & insight to uncover threats
Automated security scans
Continuously uncover the latest security threats to your business
At-a-glance prioritization
Results delivered in a modern dashboard-driven platform
Key remediation advice
Fix issues fast with remediation advice included with each threat
Support sales growth
Give customer confidence that you take their security seriously
Helps with compliance
Pen testing helps with SOC 2, PCI DSS, FTC, HIPAA, GDPR, ISO & many more
Get the right penetration testing service
Infrastructure - Attack Surface
1 day, from $995
Designed to simulate the attack patterns of an opportunistic hacker, Attack Surface penetration testing validates and exploits known vulnerabilities that are identified during an automated vulnerability assessment. It’s ideal for organizations wanting a time-limited test, or who want to reduce the likelihood of an opportunistic attacker breaching their defences.
Service enumeration
Patch management
Exploitation of any known applicable vulnerabilities
Information disclosure – content discovery of configuration files & sensitive data
Cryptography – encryption protocols & ciphers
Authentication bypass – weak/default credentials
Application - Attack Surface
1 day, from $1,795
Application Attack Surface penetration testing replicates the attack methods of an opportunistic hacker by confirming and exploiting security weaknesses found during an automated vulnerability assessment. As a time-limited test, it’s a perfect fit for those whose security strategy demands protection against opportunistic attacks.
Patch management – webserver & libraries
Information disclosure – content discovery of configuration files & sensitive data
Cryptography – encryption protocols & ciphers
Authentication bypass – weak/default credentials
Injection-based testing – applicable as XSS, SQL, HTML, XML, JSON
Application - Authenticated
3 days, from $4,995
The Authenticated application penetration testing package simulates a hacker who has phished valid user credentials or infiltrated your perimeter defences. This longer time-limited test expands on the Attack Surface test and is ideal for organizations who need a detailed test to model an attack by a more determined cyber criminal.
Patch management – webserver & libraries
Information disclosure – content discovery of configuration files & sensitive data
Cryptography – encryption protocols & ciphers
Injection-based testing – applicable as XSS, SQL, HTML, XML, JSON
Session control testing – binding, termination, cookie/token management
Access control testing – authentication & authorization controls, including vertical & horizontal assessment, privilege escalation
Business logic testing – transactions & flows
Cloud - Office 365
2 Days, from $3,495
This assessment is designed to uncover insecure configurations and non-conformances in your organization’s Office 365. It maps to security best practices for Office 365 and is ideal for businesses wanting a holistic security review of their Office 365 deployment.
Access control management
Applied security controls to applicable products such as Exchange, SharePoint & Teams
Targeted - Penetration Test
Get in touch
For organizations whose security strategy demands a thorough test, we provide targeted penetration testing. This is an exhaustive penetration test, modelling a targeted attack against your organization. Our expert penetration testers will use all the tools and techniques available to a real-world cyber criminal to meet your specific objectives.
Get a fast penetration testing quote
Stay ahead of the hackers with trusted US penetration testing from Target Defense. Test your network, web apps, clouds & more for security vulnerabilities.
Trusted services from a US pen test provider
Deep dive into threat details
Includes remediation advice for all threats
Automatic prioritization & tracking
Meet compliance and boost your strategy
Trusted by top brands
Rated 5 stars on Google
We’ve always been very impressed with the cyber security services Bulletproof provide us. Their professional approach, knowledge and flexibility have ensured they have become a key trusted partner in our supply chain.
Meet the Penetration Team Leader
Target Defense takes pride in building and nurturing the best cyber talent to ensure our penetration testing services always get the best security outcomes for our clients. Our global teams of OSCP & CREST penetration testers are highly skilled, speak at security events and have discovered CVEs.
I take pride knowing that my team are always thinking creatively to get the best outcomes for our pentest customers. They think like the attacker and are always improving their knowledge to stay on top of emerging threats.JordanPenetration Testing ManagerFollow Jordan on LinkedIn
What our customers say
Target Defense’s expertise and technical understanding were immediately apparent. This gave us confidence that we were going to get a good service and a good outcome. We were right on both counts.
Learn more about penetration testing (FAQ)
A penetration test, often called a pen test or pentest, is a methodical simulated attack on your IT infrastructure, with the aim of discovering security vulnerabilities. The methods and tools of the security testing vary depending on what’s being tested, such as network, systems, web apps, mobile apps or the cloud. Pen testing is requirement of many compliance standards, including PCI DSS, ISO, SOC 2, HIPAA, FTC & more.
Vulnerability scanning, sometimes called automated penetration testing, uses scanning software to methodically and simply scan for a list of known vulnerabilities. Penetration testing on the other hand uses in depth analysis and human ingenuity to uncover security flaws that can’t be found by vulnerability scanning alone.
Automated testing and vulnerability scanning are an important part of your defences, such as helping regular patching, whereas a penetration test provides detailed reporting and remediation advice from cyber security experts. Penetration testing companies will use both tools in their arsenal to make sure your business is protected against cyber threats.
Pentesting engagements vary in their duration depending on the scope of the test. There are several factors to consider, such as if the pentest is internal or external, network size and complexity, and how much information is disclosed upfront. Bulletproof’s dedicated SaaS portal powers our intelligent reporting, meaning that more time is spent delivering penetration testing services, and less time taken up by report writing. This means your business gets a better understanding of the results, and your test is more cost effective.
Bulletproof penetration testing is specifically designed to safely identify and exploit vulnerabilities with minimal risk of disrupting your business operations. Testing can be also performed against a non-production replica of your live environment, such as a UAT/QA environment. A common specification on testing is ‘no denial of service (DoS)’, meaning tests will have a negligible impact on your day-to-day operations.
Bulletproof has innovated our own technology solutions so that almost all types of penetration testing can be performed remotely. Whereas other providers will insist on on-site access for their pentesters, Bulletproof can perform pen testing services remotely.
As a trusted penetration testing service provider, Bulletproof offers a variety of pen tests, as one-offs to spot check your security or on a recurring basis as part of an on-going security strategy. The exact type of penetration test you require depends on your security objectives and compliance needs, such as PCI DSS pen testing. We often find that combined testing – such as a mix of web application and infrastructure/network security testing – gets the best outcome..
Penetration testing projects vary in length and complexity depending on a number of factors, including what apps and infrastructure are being tested, the aims of the test, and the testing parameters. As a leading UK penetration testing service provider, we take the time to understand your aims and objectives, so we can scope a best-fit security test that delivers value for money. As a specialist penetration testing company, we have dedicated pentest scoping experts to help you get the best outcome for your pen test.
Best practices, compliance standards and security professionals all agree that penetration testing should be conducted at least once a year. In addition, extra pentesting should be performed upon significant change or upgrades to your infrastructure. This schedule of security testing is even mandated by certain compliance standards, including PCI DSS.
CREST is an internationally recognised body that promotes the highest standards of security testing. Bulletproof is a member of CREST for penetration testing and security scanning, and our expert pentesters additionally individually hold CREST certifications. Selecting a CREST certified penetration testing company gives you confidence that your pen testing services will be carried out to the highest technical and ethical standards.
At the end of the technical operations, the lead pentester assigned to you will create the comprehensive report and make it available in the Bulletproof threat management portal. The report will detail each threat, the business impact, likelihood of exploitation, how easy it is to fix. Crucially, remediation guidance is included for each and every pen test finding, and the dashboard makes tracking remediations easy. This makes it easier and quicker to improve your security posture. A thorough debrief call is also available, depending on the scope of the test.