
Penetration Testing

Discover Your Vulnerabilities
What is Penetration Testing? 

Penetration Testing provides a comprehensive review of your organisation's information security. It's a deep dive into your network's security, designed to discover areas of concern and highlight where improvements could be made in infrastructure, procedures and policies. By ethically exploiting your organisation, Chess can help find, prioritise and remediate vulnerabilities in your network.

Our specialist penetration testers use a combination of automated and advanced real-world techniques, closely aligned with the Open Source Security Testing Methodology (OSSTM), to scan your network and ensure it is as secure as possible.


CREST Certified

Entrusting your IT systems and sensitive data to a stranger for pen testing can be a risky business. Chess is certified by The Council for Registered Ethical Security Testers (CREST), a non-profit organisation which aims to bring high quality and consistency to the global technical cyber security sector. CREST provides internationally recognised accreditations for organisations and individuals providing penetration testing services, ensuring you're in safe hands and that you can expect the very best from your penetration tester.

It's recommended you get tested every 12 months
How Penetration Testing Benefits Your Business

Carrying out a penetration test helps you:

Get Pen Tested
Identify Your Vulnerabilities Before the Hackers Do

Download our datasheet and find out how, including our 6 step methodology. 

The Six Stages of Penetration Testing

1. Scoping and Planning
Determining the reasons you need a penetration test, and documenting the process you are going to use. Understand your drivers and motivations for requiring a penetration test. Is it regulatory compliance? Or the fact that your business holds commercially sensitive intellectual property? Your motivations will influence the scope of your pen test.

2. Reconnaissance
Researching the network and establishing what details and data can be found. Your pen tester will review and gather information on the system or systems where entry points might exist and how they could be accessed. These will include elements such as employees, IP addresses, email addresses, websites, social media and other network-based systems.

3. Threat Assessment
Using various tools and techniques to identify potential vulnerabilities, gateways and vectors into the network. Commonly, pen testers use a mix of automated and manual tools to examine attack avenues and find network vulnerabilities.

4. Exploitation of Vulnerabilities
Attempts to penetrate the network defences and (if in scope) gain control over a target system. The aim, having first gained access to the network, is to see how far the attack can go, establishing administrative privileges where possible and then using them to effect lateral movement to other systems.

5. Reporting
Having completed the exploitation phase, the pen tester will create a penetration test report which includes findings on the vulnerabilities discovered, the full extent of access that was gained, details of the systems that were breached, changes (if any) that could be made and a set of recommended remediation actions.

6. Remediation
If required, your penetration tester may provide consultancy services to reduce or fix any vulnerabilities found and improve overall security. It’s also worth saying that your pen testing provider will ideally offer a social engineering test, such as a phishing exercise. The human security interface is always a difficult area because internal employees may unwittingly be duped into giving hackers security information or may click on bogus links.

Oh No! We've Been Hacked
Where can a malicious attack lead?

Credential theft or even a foothold on your network? Follow our CREST approved Penetration Testers as they take you through a live SQL Injection Attack.

Why Chess?

 Our UK-based engineers are certified to the highest standards and have proven experience in the field, including:

Buyer's Guide
How to Make The Right Choice
Questions to ask, essential information to know. Download the Buyer's Guide and choose well. 
Solutions that help keep your cloud secure.
Enhance the security of your applications, devices and systems with Two-Factor authentication. 2FA enables users to confirm their identity by presenting evidence to an authentication mechanism.
Cloud Apps
Most of your employees have adopted the cloud. Cloud-based apps like Office 365, Dropbox and Salesforce need protection to prevent account-centric threats, meet compliance requirements and protect critical data.
Cloud Infrastructure
Deliver enterprise-level hosting services with a 100% uptime guaranteed SLA to businesses of all sizes including public sector - our data centre is located in the UK.
For Public Sector
Data Sharing
CESG certified on-demand security for organisations wishing to share confidential information electronically.
DDoS Protection
Denial-of-service attacks are on the rise now that they have become a commodity on the Darknet and IoT allows for easier botnet creation. DDoS mitigation solutions and attack prevention have never been more important.
Virtual Private Networks are now a necessity in today's modern workplace. Chess can help you find the right VPN technology to help your business grow and yet remain as secure as ever. Select from a full range of VPN technologies for secure site-to-site and remote access.

