Certified Penetration Testing Services

Certified penetration testing suits organisations of all sizes that wish to secure their networks and systems from cyber security threats.

An organisation’s technical environment presents threat actors with a variety of opportunities for breach and lateral movement. As reliance on technology grows in volume and complexity, even the most diligent security team can miss vulnerabilities in people, processes, and technology. This can lead to a cyber-attack that causes reputational, financial, and legal problems.

What is penetration testing?

Penetration testing, also known as pen testing or ethical hacking, is a controlled test of the security of your network. A pen test provides insight into any security risks in your environment, including:

  • Infrastructure
  • Software applications
  • Servers
  • Workstations

Penetration testing provides the information you need to protect your business-critical information and your organisation’s reputation from an external or internal attack. Insights provided by the penetration test can be used to fine-tune your Web Application Firewall (WAF) security policies and patch detected vulnerabilities.

Vulnerability assessment and penetration testing should play a crucial role in your cyber security strategy. After a penetration test is completed and an organisation’s vulnerabilities are exposed, security controls can be enhanced to prevent future threats.



With over 25 years of experience in cyber security, our penetration testing team has a significant understanding of how to approach different environments via ethical hacking, leading to better quality results for your organisation.


Each pen test comes with comprehensive management and technical reporting, which can be applied to historical results to understand an organisation’s security maturity journey.


Sapphire’s penetration tests utilise agile and adaptive techniques to adjust to your organisation’s requirements. We offer a wide range of pen testing, including internal and external network level testing, web and mobile application assessments, security audits, vulnerability assessments, testing for standards such as CE Plus and NCSC CHECK, Red Teaming, and more.

Certified pen testing in the UK

We want to ensure you have the confidence in Sapphire to keep your organisation secure. That is why our testers adhere to the strict standards of several accreditations in the UK.

Sapphire’s team of ethical hackers and penetration testing experts have the skills, experience and ability to identify cyber threats.

From CREST to Tigerscheme accreditations, we are committed to offering the best service.

Sapphire’s penetration testing services

External penetration testing

Our external penetration tests are a comprehensive manual assessment of specified hosts. Every penetration test aims to identify, but not exploit, potential security vulnerabilities in the system (email, software, unrestricted data flows, or operating system). Manual penetration testing reduces false positives and provides comprehensive and legible reports.

Infrastructure & network-level testing

Performing internal infrastructure and network-level penetration tests locally on specified hosts assesses the effectiveness of deployed internal security. This is specifically designed to identify weaknesses in the security of computer systems connected to the internal network, including workstations, servers, and network equipment.

Web application security testing

As organisations conduct more business online, their online systems become increasingly exposed to exploitation. Sapphire’s web application testing advises on security configurations and vulnerabilities by testing software and applications. In addition to the web application security testing, Sapphire follows OWASP 2017 guidelines and focuses testing on the top 10 application threats.

Wireless testing

Sapphire’s wireless testing checks for common configuration errors that could allow an attacker to compromise the network. It covers both guest and corporate wireless networks to find errors that a malicious attacker could potentially exploit.

Firewall configuration reviews

Firewalls are the front line of defence against most cyber threats, monitoring and filtering incoming and outgoing traffic and providing a barrier between a private internal network and the public internet. Sapphire reviews firewall configurations and rules to validate that they are implemented according to best practices as part of its penetration testing service.

Build and configuration reviews

Build and configuration reviews are assessments that can be conducted on any host, network device, or server. Sapphire will audit your key IT assets’ security configuration based on industry-standard benchmarks and Center for Internet Security (CIS) guidelines and ensure that each component is compliant.

NCSC CHECK penetration testing

Sapphire is a member of the NCSC CHECK scheme, which was developed to enhance the availability and quality of IT health check services provided to the public sector and CNI in line with HMG policy. Organisations that deliver CHECK security testing services do so using consultants who hold NCSC-approved qualifications, have relevant experience, and have demonstrated that they can carry out pen testing using NCSC-recognised methods. Sapphire is approved by the NCSC to provide CHECK penetration tests of IT systems to identify potential security vulnerabilities.

Open-source intelligence (OSINT)

Adding breadth and depth to any penetration test, Open Source Intelligence (OSINT) is a method that uses publicly available information on people or organisations to identify current and future risks. Utilising OSINT investigations alongside penetration testing can help organisations identify security vulnerabilities and improve organisational awareness.

Social engineering

Social engineering tests the people within your organisation, attempting to breach physical security and using methods like simulated phishing attacks, while penetration tests focus on testing the exploits available on a network or IT infrastructure.