How to Request a Penetration Test
A penetration test (pen test) is a systematic, authorised attempt to find and exploit vulnerabilities in your system before malicious actors do. This article explains how to request one and what is involved.
Why Get a Pen Test?
- Regulatory compliance (PCI-DSS requires annual pen tests; ISO 27001 recommends them)
- Before go-live for systems handling sensitive or financial data
- After significant code changes or infrastructure updates
- Following a security incident
- As part of annual cyber hygiene best practice
- Because a customer, insurer, or regulator has requested evidence of testing
Types of Pen Test
- Web application pen test: Tests your web application for OWASP Top 10 and other vulnerabilities
- API pen test: Tests your API endpoints for authentication, authorisation, and injection vulnerabilities
- Infrastructure pen test: Tests your cloud infrastructure, network, and server configurations
- Social engineering / phishing simulation: Tests your team's susceptibility to phishing attacks
How to Request
- Contact your Account Manager with your requirements
- We will provide a scoping questionnaire covering the test scope, IP ranges, application URLs, credentials for authenticated testing, etc.
- We will quote the test and arrange scheduling (pen tests require advance booking)
- Testing typically takes 2–5 days; the written report follows within 5 business days of the end of testing
What You Receive
A formal pen test report including: executive summary, detailed vulnerability findings with risk ratings (Critical / High / Medium / Low / Informational), remediation recommendations, and a re-test confirmation once fixes are applied.