Certified Penetration Testing Services

Certified penetration tests are suitable for organisations of all sizes who wish to keep their networks and systems secure from cybersecurity threats.

An organisation’s technical environment presents threat actors with a variety of opportunities for breach and lateral movement. With reliance on technology growing in volume and complexity, even the most diligent security team can miss vulnerabilities in people, processes, and technology. This can lead to a cyber-attack which brings reputational, financial, and legal problems.

what is penetration testing?

Penetration testing, also known as pen testing or ethical hacking, is a controlled test of the security of your network. A pen test provides insight into any security risks on your environment, including:

  • Infrastructure
  • Software applications
  • Servers
  • Workstations

A pen test gives you the information you need to protect your business-critical information and your organisation’s reputation from an external or internal attack. Insights provided by the penetration test can be used to fine-tune your WAF security policies and patch detected vulnerabilities.

Testing should play a crucial role in your cybersecurity strategy. After a penetration test is completed and an organisation’s vulnerabilities are exposed, security controls can be enhanced to prevent future threats.



With 25 years of experience in Cybersecurity, our pen testing team has a significant understanding of how to approach different environments via ethical hacking, leading to better quality results for your organisation.


Each pen test comes with comprehensive management and technical reporting, which can apply to historical results to understand an organisation’s security maturity journey.


Sapphire’s penetration tests utilise agile and adaptive techniques to adjust to your organisation’s requirements. A wide range of pen testing, including internal and external network level testing, web and mobile application assessments, security audits, vulnerability assessments, testing for standards such as CE Plus and NCSC CHECK, Red Teaming, and more.

certified pen testing in the uk

We want to ensure you have the confidence in Sapphire to keep your organisation secure. That is why our testers adhere to the strict standards of several accreditations in the UK.

Sapphire’s team of ethical hackers and penetration testing experts have the skills, experience and ability to identify cyber threats.

From CREST to Tigerscheme accreditations, we are committed to offering the best service.

sapphire’s penetration testing services

external penetration testing

Our external penetration tests are a comprehensive manual assessment of specified hosts. Every penetration test aims to identify, but not exploit, potential security vulnerabilities in the system (email, software, unrestricted data flows, or operating system). Manual penetration testing reduces false positives and provides comprehensive and legible reports.

infrastructure & network-level testing

Performing internal infrastructure and network-level penetration tests locally on specified hosts assesses the effectiveness of deployed internal security. This is specifically designed to identify weaknesses in the security of computer systems connected to the internal network, including workstations, servers, and network equipment.

web application security testing

As organisations conduct more business online, these systems become increasingly open to being exploited. Sapphire’s web application testing works to advise on security configurations and vulnerabilities by testing software and applications. Apart from the web application security testing, Sapphire also follows OWASP 2017 guidelines as well as focuses testing on the top 10 application threats.

wireless testing

Sapphire’s wireless testing checks for common configuration errors that could allow an attacker to compromise the network. Sapphire’s wireless testing will test both guest and corporate wireless networks to find errors that a malicious attacker could potentially exploit.

firewall configuration reviews

Firewalls are the front line of defence against most cyber threats, monitoring and filtering incoming and outgoing traffic and providing a barrier between a private internal network and the public internet. Sapphire reviews firewall configurations and rules to validate that they are implemented according to best practices as part of its penetration testing.

build and configuration reviews

Build and configuration reviews are assessments that can be conducted on any host, network device, or server. Sapphire will audit your key IT assets’ security configuration based on industry-standard benchmarks, as well as Center for Internet Security (CIS) guidelines, and ensure that each component is compliant.

NCSC CHECK penetration testing

Sapphire is a member of the NCSC CHECK scheme, developed to enhance the availability and quality of IT health check services provided to the public sector and CNI in line with HMG policy. Organisations that deliver CHECK security testing services do so using consultants that have NCSC approved qualifications the relevant experience and have demonstrated that their pen-testing skills can be carried out using NCSC recognised methods. Sapphire is approved by the NCSC to provide CHECK penetration tests of IT systems to identify potential security vulnerabilities.

open-source intelligence (OSINT)

Any breadth and depth to any penetration test, Open Source Intelligence (OSINT) is a method that uses publically available information on people or organisations to identify current and future risks. Utilising OSINT investigations alongside your pen testing programme can help organisations to identify security vulnerabilities and improve organisational awareness.

social engineering

Social engineering tests the people within your organization, attempting to breach physical security and using methods like simulated phishing attacks, while penetration tests focus on testing the exploits available on a network or IT infrastructure.