Why choose Bulletproof as your penetration testing partner?

Competitive Prices

Competitive Prices

We offer highly affordable penetration testing solutions to ensure companies of all sizes can protect themselves from cybersecurity threats.

Qualified Security Experts

Qualified Security Experts

All our penetration testers are independently qualified by industry-recognised bodies such as CREST and Tigerscheme.

Comprehensive Reporting

Comprehensive Reporting

You’ll receive a comprehensive report complete with remediation advice and guidance. As well as a full debrief call to run through the findings.

Free Vulnerability Scan

Free Vulnerability Scans

Protect your business all year round with 12 months of free vulnerability scans when you choose Bulletproof as your penetration testing partner.

Paymentsense Logo

We’ve always been very impressed with the cyber security services Bulletproof provide us. Their professional approach, knowledge and flexibility have ensured they have become a key trusted partner in our supply chain.

Nick Fryer

CTO, Paymentsense (Europe's largest merchant service provider)

Choose from our complete range of penetration testing services

Web application penetration testing

  • Uncover vulnerabilities and insecure functionality
  • Identify all security risks, including the OWASP Top 10
  • Multiple test types, including authenticated and API testing
  • Proven track record for exposing security flaws
Web application penetration testing

Network and infrastructure penetration testing

  • Test your network & infrastructure for weaknesses
  • Check services, patch levels and configurations
  • Multiple test types, including external and internal testing
  • Established pedigree for exposing vulnerabilities
Network penetration testing

Mobile application penetration testing

  • Uncover insecure app functionality
  • Exploit discovered weaknesses in your app
  • Secure your software development lifecycle
  • Proven expertise in securing iOS and Android apps
Mobile application penetration testing

Social engineering prevention services

  • Find out the effectiveness of your social engineering controls
  • Maximise your employees’ security vigilance
  • Get maximum protection with regular tests and training
  • Extensive experience in tailoring campaigns to your security objectives
Social engineering prevention services

Red team security testing

  • Identify risks and exploit weaknesses in your physical and cyber defences
  • A carefully pre-defined scope sets the rules of engagement
  • Multi-layered approach for maximum impact
  • Proven track record in exposing critical security flaws
Red team security testing

Get in touch for a free quote today

If you’re interested in our penetration testing services, get a free, no obligation quote today by filling out the form below.

By submitting this form, I agree to the Bulletproof privacy policy.

Frequently asked questions

What is penetration testing?

Penetration testing is where a someone takes on the role of a hacker and attempts to compromise or gain unauthorised access to a network or an application. Also known as white hat hacking, a qualified professional will make use of automated tools and manual processes to uncover any vulnerabilities and misconfigurations that present a cyber-security risk.

A penetration test will give companies an overview of their security posture, highlighting flaws and allowing them to be patched before they are targeted by malicious hackers. Also known as white hat or ethical hacking, penetration tests are a vital part of an effective security strategy and are a mandatory component of many compliance schemes.

What are the different types of penetration test?

There are several types of penetration testing that can be defined as either black, white or grey box testing. It’s also worth specifying there is a difference between an application test and an infrastructure test. An application test, as the name suggests, is where a tester looks for flaws within an application to see if there’s any way to get at data or manipulate functionality in a way that wasn’t intended. This can involve cookie theft, XSS, man-in-the-middle attacks etc. Infrastructure tests on the other hand are where the tester attempts to gain entrance to a corporate network.

Black box testing

Black box testing is the closest simulation of real-world hacking in that the tester will know very little, if anything about the target other than what is publicly available. These are often the least time-consuming tests as it relies solely on the tester discovering vulnerabilities in outwardly facing components. However, whilst these tests accurately represent real life situations, they will not pick up any vulnerabilities or misconfigurations that may be present internally. Therefore, they cannot predict what damage an internal threat may cause.

White box testing

White box testing offers the most thorough security test in which the tester has a full understanding of the application or infrastructure, how it works and has access from various levels. It’s likely that they’ll even have access to the source code or have a full detailed map of the internal infrastructure. The tester will probe for vulnerabilities and misconfigurations to try and gain access from an external position, as well as look to see what damage can be done from an internal perspective.

Grey box testing

Grey box testing is a blend of black and white box testing and is often the most popular type of test. The tester will have a limited knowledge of the target, potentially including some documentation. They will often have basic user level access, allowing for partial testing of the target’s internals.

Network penetration test

A network penetration test is where a cyber professional attempts to breach an organisation’s infrastructure. The tester will check for misconfigurations, outdated software, logical flaws and even look for a means to escalate privileges if they manage to gain access. They will tend to focus on:

  • Firewall configurations
  • Segmentation
  • Privilege escalation
  • Incorrectly stored data
  • Default credentials

Application testing

Application penetration tests can be quite involved. They are designed to uncover any vulnerabilities or weaknesses present in a web app or mobile application that could compromise the security or induce functionality not intended by the designers. The difficulty of these tests will depend on what scripts are being employed or how the application is built. Generally, testers will be looking for outdated software, cross-site scripting (XSS) vulnerabilities and weak cryptography, or they will try and tamper with cookies and functionality.

What’s the difference between penetration testing and vulnerability assessments?

The terms penetration test and vulnerability assessment are often wrongly used interchangeably. A vulnerability assessment, or VA scan, is the use of an automated tool to scan a network or application for known vulnerabilities, which can then be patched. A penetration test is a lot more involved and encompasses many aspects, providing you with a more comprehensive overview of your overall security.

A vulnerability scan may well be used in the initial stages of a penetration test to see if there are any easily exploited flaws to work with. The tester will then go a step further, making use of brute-forcing, code injections, social engineering and much more.

Penetration Testing vs Vulnerability Assessment
View full size (103 KB)

What are the stages of a penetration test?

All penetration test projects will start with an accurate scoping. Once the boundaries have been agreed and a goal decided upon, testers will begin some reconnaissance. This is the starting point for any hacker and the beginning of the cyber kill chain. This may include looking for any related URLs or domains that could be considered in scope and increase the attack area or conducting some vulnerability scans on their target. If social engineering is included in the test, recon activity may include searching publicly available sources for staff contact details, staff pass designs or email address formats.

The testers will then attempt to exploit any weakness found to gain unauthorised access. This can often have a trial and error-based approach. If successful, the tester will find out the extent of a hacker’s potential reach, compile some evidence and then provide a detailed report along with remediation advice.

Tests will often follow these steps:

  • Reconnaissance
  • Scanning with automated tools
  • Probing for weaknesses/misconfigurations
  • Testing for flaws such as XSS, man-in-the-middle attacks etc.

What is social engineering?

Social engineering is the process of leveraging the human aspect of a business in order to compromise security. The most common form of this is phishing. This involves tricking users via email into following a malicious link, downloading malware or submitting their credentials.

This is often the easiest way for a hacker to compromise a business. No matter how formidable your cyber security is, a member of staff can easily undo it all. In 2019, phishing attacks attempting to get ransomware into businesses had risen 109% from 2017.

Social engineering is a fancy term for what can often be a simple approach. How many times have you received an email that looks like the following?

Dear User,

Your Outlook password is due to expire and requires resetting. Please follow this link to reset it.



IT Dept.

That link will no doubt direct you to a malicious portal owned by hackers intent on getting your password and, if you clicked the link and reset your password, then they’ll have it. When booking a penetration test, many companies choose to include an element of social engineering in order to test their staff’s susceptibility to phishing.

Some important things to look out for is poor spelling and grammar, both in the body text and the email address.

What is red team testing?

Some businesses choose to go a step further when it comes to testing their security. Red team testing is a mix of penetration testing, social engineering and physical intrusion. Testers will follow the same process as a standard penetration test in order to compromise data, but will also see if they can exploit flaws (even in physical tech) to gain access to buildings and data centres.

Red team testing can involve a lot of face to face interaction, testing processes and procedures that form part of information security. It may involve phone calls, simple tailgating or even pretending to deliver milk.

Red team assessments provide businesses with a complete analysis of their security, be it technical, physical or procedural. The process often follows the following outline:

Red Teaming
View full size (73 KB)

What are the penetration testing costs?

The cost of a penetration test can vary considerably with many factors to consider. The size of the network/application, its complexity and the overall scope will be the main variables.

As a general rule (at Bulletproof) the prices for pen testing can be broken down as thus:

Penetration testing prices
Test TypeDescriptionGuide price
Small pen testTests of small web app and associated cloud infrastructure. Black box, unauthenticated test designed to mimic a real-world attack with no details of environment disclosed upfront.£1,000-£3,000
Medium pen testApplication test of a medium web-based management portal and associated cloud infrastructure. Can be authenticated or unauthenticated. Usually, grey box.£3,000-£5,000
Large pen testA larger test of external applications, systems infrastructure and social engineering. A comprehensive security review with limited information disclosed up front.£5,000-£20,000

Of course, these prices and features depend entirely on your requirements and serve as just a rough guide as to what you might expect to pay.

Do I need a penetration test?

It’s recommended that businesses perform penetration tests at least annually or whenever a significant change is made to the environment. Certain compliance packages, such as PCI DSS, make regular penetration tests mandatory. Put simply, if you want good security, you need a penetration test.

What can I expect in my penetration test report?

The content of a report will depend on the who has written it. Bulletproof’s reports always contain a high-level business summary before moving on to an in-depth breakdown of any weakness, vulnerability or misconfiguration found during the test along with mitigation advice. These will then be presented in order of priority, giving our clients a checklist to improve their security.

Other cyber security services

And knowing is half the battle... regular penetration tests are vital for maintaining security and protecting business critical data. If a penetration tester can find flaws in your environment, then a hacker can too, and you don’t want them to find them first.

What can I expect in my penetration test report?

The content of a report will depend on the who has written it. Bulletproof’s reports always contain a high-level business summary before moving on to an in-depth breakdown of any weakness, vulnerability or misconfiguration found during the test along with mitigation advice. These will then be presented in order of priority, giving our clients a checklist to improve their security.

Our experts are the ones to trust when it comes to your cyber security

  • Bulletproof are CREST approved

    CREST approved

  • Bulletproof are ISO 27001 and 9001 certified

    ISO 27001 and 9001 certified

  • Bulletproof are Tigerscheme qualified testers

    Tigerscheme qualified testers

  • Bulletproof are a PCI DSS v3.2 Level 1 service provider

    PCI DSS v3.2 Level 1
    service provider

  • Bulletproof have 24/7 on-site Security Operations Centre

    24/7 on-site Security
    Operations Centre