Penetration Testing

Discover Our Expertise

Penetration testing is not merely the serial execution of automated tools and the generation of technical reports, as it is frequently viewed. It should provide clear and concise direction on how to secure an organization’s information and information systems from real-world attacks.


We specialise in the whole spectrum of penetration testing capabilities – from information gathering and footprinting, through vulnerability assessment and exploitation, to reporting. Our penetration testing practices encompass web applications, client-server applications, infrastructure, SCADA, ERP systems, mobile applications, wireless, and a whole host of technologies and platforms.


Our penetration testing methodology is well aligned with established standards and practices, combined with our extensive experience.

Our Penetration Testing (PT) Service Offering

We conduct two types of penetration testing:

  • Infrastructure Penetration Testing

    • This type of penetration test involves identifying the targets through Google searches, WHOIS, DNS queries, etc., then fingerprinting them and identifying vulnerabilities. Whether these vulnerabilities are exploited depends on whether exploitation is part of the engagement. Limited exploitation is always done in terms of password guessing, directory traversals, file uploads, etc. Before going for stronger exploitation methods such as Denial of Service attacks, Buffer Overflow exploits, etc., we obtain prior written consent from the management so as not to cause possible fallout from such exploitation methods.


  • Web Application Penetration Testing

    • In this type of penetration test, we assess the security of the application by focusing on remotely exploitable vulnerabilities, application architecture, design and implementation. We also assess the controls with respect to user access, privilege levels, development and delivery, and overall design of the applications. This helps to give the total threat profile of your web application environment.

Our deliverables

Once penetration testing is completed, we will deliver a report that describes the vulnerabilities, ranked by risk, and the remediation actions that you need to undertake. Our reporting follows a standard format with two sections:

  • Executive report - A jargon-free and buzzword-free, true executive-level summary with high-level findings, root causes, and recommendations based on potential risk to your organisation.

  • Technical report – Specific technical details of the assessment and raw data, targeted to technical staff.

Our VA engagement is performed remotely through our 24x7, ISO27001-accredited Security Operation Centre (SOC) in Chennai, India. Security threat and risk analysis, recommendations and reporting are conducted in London, UK.


Our pricing model is simple, flexible and usage based. Put simply, we offer subscription or Operational Expenditure (OPEX) based charges that cover:

  • Ad-hoc on-demand testing

  • Fully managed service with monthly or quarterly testing


Our charges are based on a few key criteria:

  • Is it infrastructure penetration testing and/or web application testing?

  • How many IP addresses (for infrastructure) and URLs (for web applications) do you want us to test?

  • Is there a specific compliance requirement e.g. PCI DSS, HIPAA?

  • Is it external (internet-facing) penetration testing or internal? For internal testing, we charge a small one-off fee to set up an IPSec VPN for remote connectivity and to install a jump-off server in your data centre.

Sounds interesting?

Want to explore more? 

Tel : +44 (0) 020 8242 4756

iCyberDefence Limited

20 Eastbourne Terrace,


London W2 6LG, UK

©2018 by iCyberDefence, a brand registered under iCyberDefence Limited, registered in England and Wales, 10980510

Registered Office: 27 Old Gloucester Street, London, WC1N 3AX