Penetration Testing

Our testing services

Test types

Penetration tests come in a variety of shapes and sizes, so we offer a broad range to meet your assurance needs.

We also offer bespoke testing for security requirements which don't fit into the test categories below, so if you can't find what you're looking for please don't hesitate to ask us.

  • Infrastructure testing

    Infrastructure tests are the most commonly requested test type and can cover everything from endpoints and servers to printers and routers. The scope can be as broad or narrow as needed, but an organisation-wide penetration test can provide a good indication of how vulnerable you are.

    We provide infrastructure testing, from both external and internal perspectives, and have multiple deployment options to make it as easy as possible.

  • Web application testing

    Web applications are one of the biggest targets for attackers: they often hold sensitive user data, handle customer payments or interconnect with business-critical systems.

    We provide web application tests for clients both on a one-off and a regular basis and align with OWASP testing methodologies combined with our own.

  • Cloud security testing

    Cloud infrastructure services provide convenience and often cost savings for organisations; however, they also come with new security challenges, particularly around permissions and access.

    We test Azure and AWS cloud environments for misconfigurations and attack paths, including account compromise, privilege escalation, lateral movement and data theft.

  • API testing

    APIs can present a significant attack surface, often enabling access to sensitive data and providing an interface for authentication and authorisation controls.

    With our API testing service, we will assess your API endpoints for the same misconfigurations and vulnerabilities as a web application test, but with a much stronger focus on data theft and privilege escalation, which are far more prevalent vulnerabilities with APIs.

  • Build reviews

    If you're about to start a new deployment or are looking to make changes to an existing deployment, then starting from a secured and hardened template is a great way to raise security standards.

    We offer build reviews for most platforms, covering everything from Windows endpoints to Docker images, and we help ensure that best security practices are embedded in your deployment from the very start.

  • Vulnerability assessment

    Vulnerability assessments consist of automated scans against your systems to identify missing patches and low-hanging security misconfigurations.

    For small and medium-sized companies, we offer both one-off and regular vulnerability assessment services for your compliance and vulnerability management requirements.

Need more than a one-off test?
Save money with our Regular Testing service.

If you have regular testing requirements throughout the year, we can offer you our Regular Testing service, which benefits from discounted day rates and reduced testing overheads.

Starting from two days a month, which can be rolled over, our full penetration test suite is available to you, but at a cheaper price. If you would like to find out more about our Regular Testing service, please get in touch.

Features

Consistently high standards

On every engagement, our specialists must balance testing your assets against known and common weaknesses with testing against novel and bespoke attack vectors, which could potentially take much more time.

At Coldsurge, we manage this by using bespoke Baseline Test Cases for each of our service offerings, based on the attacks and weaknesses that we believe should be tested every time, no matter what. Moreover, we constantly add new attacks and techniques to our Baseline Test Cases to give you better, consistent value with every engagement.

Discreet by default

We're trusted to deal with the most security-sensitive and private information, whether that's for critical infrastructure or for high-net-worth individuals. That's why we don't disclose who our clients are and why we take extensive measures to protect your data on any engagements.

Experts every time

Our team have extensive, proven experience in offensive security and are all CREST or OffSec-certified in their fields, with most holding even more certificates.

From the moment we start working with you, you'll be given a dedicated senior specialist who will oversee your engagement with us from start to finish and be available for any questions you may have. Our team has experience in almost every sector, including finance, critical national infrastructure, technology and private clients.

Frequently asked questions

Get in touch

If you would like to request a quote, discuss your requirements with us or make any other enquiries, please contact us using the form below.
