Penetration Testing

A Penetration Test is a friendly attack on your company’s information systems.

We attempt to break into your systems using the same methods that a malicious hacker would employ. These could include exploiting unsecured or unpatched devices on your network, flaws in third-party software or human errors in systems configuration.

Penetration Tests are our specialty, and each is conducted using highly-trained experts and unique methodologies to combat the flaws inherent in automated scanners that some others use. 

Many vulnerabilities arise from bugs in software applications based upon complex business logic, which can be difficult to find unless expressly looked for.

Why Perform a Penetration Test?

Comprehensive penetration testing is a requirement across a swathe of industries around the world, where regulatory bodies such as Europe’s GDPR, Australia’s NBD Scheme and Canada’s PIPEDA impose hefty fines on companies who fall victim to cyberattacks and data breaches. Regulations are even more strict if a company cannot provide evidence of engaging regular and vigorous cyber security procedures, like pen tests.

Revealing network vulnerabilities through pen tests before a malicious incident is the most reliable way of maintaining a robust cyber security posture. Therefore, the key for any company is to strike the right balance between solid network security and sustainable expenditure.

Our Penetration Tests are based upon the level of access you give us to your systems. They run from ‘Black Box’ testing, where we have minimal knowledge of your systems, to ‘White Box’ testing, where we are given a high level of knowledge and access, and ‘Grey Box’ testing, which as the name suggests, is a blend of both. For companies that are looking to acquire another company, we also offer ‘Blind Black Box’ testing, which provides an assessment of the target company’s Cyber Security situation.

Black Box Penetration Testing

In a Black Box test, we have no knowledge of any of your internal information structures and are not given access to your applications or network. This test is the most similar to a real-world malicious attack and usually requires significant time (as we need to attempt many attack methods to ensure none of them works), and deeper vulnerabilities may not be found or exploited during the time frame of the test.

However, simply because deeper vulnerabilities cannot be found doesn’t mean they don’t exist, which can result in a false sense of security that could be exploited at a later date by a hacker without time constraints waiting for the right opportunity.

White Box Penetration Testing

In White Box testing, we have complete access to your selected networks, systems and applications, which allows us high-level privileges and the ability to view source code. We perform both dynamic and static analyses to identify weaknesses across several areas such as security misconfigurations, logic vulnerabilities, poorly written software code and more.

This type of penetration test is comprehensive as both internal and external vulnerabilities are identified, assessed and prioritised from a ‘behind closed doors’ perspective that is not available to most hackers.

Grey Box Penetration Testing

In a Grey Box test, our team replicates the activities that a hacker would undertake after they have penetrated your security perimeter and has internal access to your network. You provide us with some background information such as network infrastructure maps, application flow charts and low-level credentials, which allows for much more streamlined and efficient testing, saving time and money.

This approach also allows us to focus on identifying and exploiting potential vulnerabilities in your higher-risk systems rather than attempting to discover where these systems are.

Learn why Penetration Testing is so important.

The choice of testing methodology depends on your specific situation and needs. A Penetration Test is different from a Vulnerability Assessment and Red Teaming.

What Determines the Cost of a Penetration Test?

Penetration tests are vital for security because, at their most detailed, they include all parts of network infrastructure: communication, software, applications, endpoints and even personnel. At Cyber Citadel, pen tests are our specialty, and each test is conducted using highly trained cyber security analysts and unique methodologies. Invariably, any company looking to take responsibility for their cyber security will be most concerned about how much a pen test costs. However, this depends on several factors that vary from company to company:

  • How complex is your network?
  • How many systems, applications and endpoints need to be tested?
  • What level of access will you provide at the beginning of a test?
  • What tools are needed to perform a test?
  • How many analysts are required to perform a test?
  • Do you need corrective actions taken, as well as the initial pen test?
  • Do you need a retest?

Fortunately, this means not all pen tests have to be the same and, therefore, can vary in price based on individual company requirements. By tailoring our pen tests to meet the needs of our customers, based on a collective 200 years’ worth of experience in the cyber security industry, Cyber Citadel can offer this crucial service to companies of all sizes across a range of industries.


The complexity of your network, including the number of front-end and back-end systems, network devices, API endpoints, applications and software, will determine the number of possible network vulnerabilities, the time and effort needed to conduct a pen test and ultimately raise or lower the overall price of a test.

Cyber Citadel’s proprietary methodologies led by professional cyber security analysts reduce the cost of testing a complicated network by giving the option of only focusing on critical and high vulnerabilities with real-world risk assessments. By stripping away false positives and false negatives, we reduce the time it takes to compile the final report, therefore enabling us to customise what we charge.


The scope of a penetration test is usually determined by the client organisation. This sets out the breadth and depth of a pen test to either include every aspect of a network’s infrastructure or a select portion. However, limiting the scope of a pen test to reduce its cost is a dangerous compromise, as it risks overlooking key vulnerabilities that could leave the door wide open for cybercriminals.

Again, by using our own human-led proprietary methodologies to strip away irrelevant vulnerabilities with no real-world risk, Cyber Citadel provides the option of reducing the cost of a pen test by concentrating on the vulnerabilities that matter most while including all aspects of a network’s infrastructure.

Level of Initial Access

The level of initial access to a network provided by the client at the start of a penetration test has a huge impact on its final cost. The amount of effort we need to expand on gaining access at the beginning of a test will increase the time it takes to complete it.

As already discussed, Cyber Citadel offers three pen test variants based on the level of initial access supplied by the client: Black Box, White Box or Grey Box pen tests.


Penetration tests rely on automated scanning tools that sift through a network to reveal system configuration vulnerabilities. These tools vary in quality and price, but always impact the final cost of a pen test, as their use needs to be compensated by the client.

Cheaper scanning tools may save money in the short term but often struggle to work through complex business logic, thereby increasing the amount of time to complete a scan and potentially missing key vulnerabilities. Scanning tools that struggle with business logic also require more human management. On the other hand, more expensive tools reduce the time to perform a scan and provide higher quality results.

Cyber Citadel uses a combination of industry-leading automated scanning tools and our own custom toolkits to maximise the efficacy and accuracy of the final results.


Cyber security analysts have similar degrees of specialisation as medical professionals. You wouldn’t want a paramedic offering medical consultations or a nurse performing a surgery. In the same way, different aspects of cyber security are best analysed by researchers with the necessary experience. The price of a penetration test depends on the number of analysts involved and their levels of experience.

With a team of international, multi-lingual and highly specialised cyber security analysts, Cyber Citadel is able to work through a pen test with the greatest efficiency possible, substituting the relevant personnel when needed to complete the various stages of a test. Our analysts have CISSP, CISE, CEH, CPEH, CPTE, CPTC, OSCP, eCPPT, CSWAE, CHFI, OSWP, CWSE and CISA qualifications in Security Management, Ethical Hacking, Application Security, Forensics, Mobile Security, and Standards and Best Practice.

Corrective Actions

Performing a penetration test is only as good as the quality of actions taken to fix the vulnerabilities found. In some cases, remedial security measures can be performed by a company’s IT department. In other cases, however, security implementation needs the specific experience of cyber security professionals, like re-organising log files as part of a SIEM solution, for example.

Cyber Citadel knows that the additional cost of securing vulnerabilities can be a hard pill to swallow after investing in a pen test. However, we recommend that you engage, or at least consult, with our analysts when remediating vulnerabilities. After performing a pen test, irrespective of complexity or scope, our knowledge of your network will reduce the time, effort and cost of making it more secure.


Once a penetration test has been completed, the final report examined and corrective actions taken to remediate vulnerabilities, it is standard practice to retest a system to check whether it is more secure. This is important for two reasons: to ensure that all vulnerabilities with real-world risk have been secured; and, to ensure any remedial actions have not inadvertently created additional vulnerabilities.

No matter the complexity, scope or number of resources used, Cyber Citadel offers a one-time retest free in every pen test contract.

Here’s how we’ll work with you…

First of all, we’ll clarify exactly what your specific needs are. It could be a web application or a network infrastructure issue for example. This will all be defined within a simple scoping document that we’ll help you complete before we begin.

Then we carry out the Penetration Test. The time taken depends upon the complexity of your needs and whatever we uncover during the process. We ALWAYS find weaknesses, often critical.

Once complete, we’ll securely send you the outcome, detailing both technical and business solutions to security vulnerabilities. Technical fixes may include updating certain devices or fixing errors in databases, whilst business solutions may focus on providing employees with security training or re-evaluating dependencies on less secure third parties.

Example Penetration Test Report

So, How Much Should You Spend on a Penetration Test?

Every penetration test can be tailored to your specific requirements. This does not mean making cost-saving compromises but rather identifying the most crucial aspects of your network that need testing. Start by asking yourself two questions:

1. What is most important to you? Is the protection of customer data your greatest priority, as in the financial sector, or does your company rely on more on infrastructure connection and supply chains, as in the healthcare and logistics industries? This will determine what you need to test.

2. Are you a likely target? Unfortunately, cybercrime is on the rise, particularly against SMEs. Companies that collect large data sets or have extensive digital footprints are most likely to be targeted. This will determine the scope of your penetration test.

These two questions, and the factors listed above, will determine the cost of a penetration test. As a general rule, the more manual work required in a penetration test, the higher the price will be.

Even in the higher price range, the cost of a pen test pales in comparison to the cost of re-building a network after a cyberattack or the fines incurred from regulatory bodies after a data breach.

In every case, a penetration test is the best way to make sure you are as secure as you can be.

Penetration Test Breakdown: Network Complexity

Part 1 of our penetration test breakdown looks at network complexity and how it determines the final cost.

The more complex a network system, the greater likelihood an attacker will exploit one or many of the vulnerabilities highlighted in the OWASP Top 10.

A Penetration test starts by establishing a scope of work. This scoping process maps out a network system’s complexity and specifies the extent of a penetration test.

Even though limiting the scope of work might reduce the price of a pen test, we know that the scope of a penetration test is directly related to its efficacy. The more in-depth and detailed a pen test performs, the more accurately a network system’s security can be established.

Penetration Test Breakdown: Testing Resources

Part 2 of our penetration test breakdown looks at the resources that determine the efficacy and cost of a penetration test.

To save money on cyber security, many companies rely on commercial scanning tools to assess their network security. But, due to various limitations, automated scanning tools fall short in delivering the same robust analysis of system security that pen tests offer.

In order to perform an effective penetration test, cyber security researchers must approach a network with comparable, if not better, techniques and tools used by real cybercriminals.

Cyber Citadel’s penetration testing service uses custom toolkits managed throughout by our highly trained pen testing experts.

Penetration Test Breakdown: Skills and Experience

Part 3 of our penetration test breakdown looks at the necessary skills and experience a pen testing team offers.

Whereas company IT professionals install, repair and maintain computer systems, cyber security specialists are uniquely suited to network system security. A valuable pen testing team is comprised of researchers specialised in various aspects of cyber security.

Employing an external pen testing company ensures the right people for the job, as well as leaving company IT personnel to concentrate on business matters.

Cyber Citadel’s pen testing team have multiple certifications, regularly find zero-day vulnerabilities in the wild and benefit from working internationally.

We Can Help

If you need assistance with resolving any issues we’ve found, we can help with that too.

Read our Penetration Test client case study.