We offer infrastructure penetration testing services (also known as an IT Health Check, ICT Health Check, infrastructure testing or a pentest) for internal or external networks.
Infrastructure testing involves conducting penetration testing or vulnerability assessments of external or internal systems and does not normally include application testing.
Infrastructure testing is a penetration test (also known as a pentest or pentesting) or vulnerability assessment of computer systems, network devices or IP address ranges to identify vulnerabilities that could be exploited. Testing should be conducted from outside the organisation (external testing) and from inside the organisation.
The vulnerabilities identified are reported back to the system owner along with mitigation recommendations.
Infrastructure testing can also be used to test an organisation's compliance with security policies and how effectively it can respond to security threats.
An infrastructure penetration test or vulnerability assessment can provide assurance that the systems and security controls tested have been configured in accordance with best security practice and that there are no common or publicly known vulnerabilities in the target system at the time of the test. If vulnerabilities are found, these can be rectified before an attack or security breach occurs.
Testing will enable you to:
- Manage vulnerabilities
- Avoid extra cost and reputation damage from a security breach
- Provide evidence of compliance with regulatory and certification standards
- Provide assurance to customers and suppliers that their data is secure
We can offer the following infrastructure testing services:
- External penetration testing and vulnerability assessments. This is typically remotely conducted and assesses your external security services exposed to the Internet.
- Internal penetration testing or vulnerability assessments. This is conducted by plugging into your internal network and assessing the internal devices or network IP ranges for vulnerabilities.
Armadillo Sec are a CREST certified testing body and we are accredited to operate as a CHECK service provider. All of our testers are certified by CREST and our senior consultants are certified by CREST to the highest CCT Level. Our testers are also CHECK Team Leaders (CTLs) or CHECK Team Members (CTMs) and are approved to conduct government CHECK testing.
Our team have many years' experience conducting a broad range of government and commercial tests and always aim to go the extra mile for our customers.
Frequently Asked Questions
Infrastructure testing is a term that is used to describe a penetration test or vulnerability assessment of internal or external systems.
Penetration testing (also known as a pentest or pentesting) is an authorised simulated attack on a computer system, network or web application to identify vulnerabilities that could be exploited. Infrastructure testing focuses a penetration test or vulnerability assessment on just hosts (devices, servers, IP addresses, workstations) and ignores any applications. It is more commonly used for an external scan of IP addresses over the Internet or an internal scan of IP ranges to identify vulnerabilities.
All our testers are certified by CREST and our senior consultants are certified by CREST to the highest CCT level.
| CREST Certifications | Certified Testers |
|---|---|
| Practitioner Security Analysts | Yes |
| Registered Penetration Testers | Yes |
| Certified Web Application Testers | Yes |
| Certified Infrastructure Testers | Yes |
| Certified Simulated Attack Specialist | Yes |
| Certified Simulated Attack Manager | Yes |
Our CREST member status, along with the certified tester types we have, can be viewed on the link below:
Our testers are also CHECK Team Leaders (CTLs) or CHECK Team Members (CTMs) and are approved to conduct government CHECK testing.
| CHECK Status | Certified Testers |
|---|---|
| CHECK Team Member (CTM) | Yes |
| CHECK Team Leader (CTL) - Infrastructure | Yes |
| CHECK Team Leader (CTL) - Applications | Yes |
Our CHECK status can be viewed on the link below:
It is recommended that external and internal testing should be conducted annually as cyber threats are constantly evolving.
If major changes are made to the infrastructure, then it is recommended that additional testing is conducted. This ensures that any recent changes are not introducing new vulnerabilities into the environment.
Some certifications, such as ISO 27001 or PCI DSS, require a certain frequency of testing to remain compliant.
Infrastructure testing prices are based on the number of hosts/systems that are required to be scanned, and on whether the systems are externally facing to the Internet and/or internal to your network. There is therefore no off-the-shelf price for an infrastructure test.
For each project we will technically scope your requirements and establish the time needed to complete the work. We will then provide a detailed proposal and breakdown of costs and options.
We supply a full penetration testing or vulnerability assessment report for infrastructure testing, which covers the following:
- Executive management summary - Non-technical overview of issues for management board level
- Detailed technical findings - A complete list of all issues identified
- Affected hosts - A list of all hosts affected, including the associated network port
- Risk level - Impact, likelihood and overall risk ratings are listed for each issue
- Examples - Output or screenshots to demonstrate the issue
- Recommendations - Recommendations of how to remediate the issues, including any reference to documents that can assist
A sample report can be supplied upon request.
We have a full methodology for all testing services we provide, which is supplied with each project proposal. This outlines the testing steps and all the requirements in order to deliver the test.