Comprehensively test your cyber security controls to uncover the open doors and defend against real-world hacking threats - with our CREST-certified pen testing services.

Uncover the open doors in your cyber security defences

Our experienced CREST-certified pen testing pros attempt to breach your security controls and gain unauthorised
access to your business data – using the same techniques a hacker would use.

Experienced CREST-certified testing team

Full service security advice & support

‘Real world’ hacking methodologies

Actionable risk-based report – sample available

Network penetration testing (external)

Reveal real-world exploitable vulnerabilities on systems, services & applications exposed to the internet.


Network penetration testing (internal)

Understand your internal network risks, whether from an attacker with access to internal systems or a rogue employee.


Web application penetration testing

Identify vulnerabilities on your web applications which could lead to unauthorised access or data exposure.


Simulated phishing and social engineering

Assess and understand your susceptibility to human manipulation via email, phone, media drops, and physical access.


Real-world testing. Real results.

Comtact’s experienced penetration testing team employ the latest testing strategies and techniques to provide a rigorous ‘real-world’ test of your security controls – helping you quickly identify existing vulnerabilities or prioritise future investments.

About Comtact Ltd.

24/7 Security Operations Centre (SOC)

Located at Comtact HQ, Comtact’s state-of-the-art SOC helps you rapidly scale your organisation’s security operations and provides the assurance that you have a specialist security team to support you, day or night.

Highly tailored programmes
Every test is uniquely defined to fit your requirements, with step-by-step details in a scoping document (SOW).

Detailed risk-based report
Evidence of vulnerabilities identified, including their CVSS score (Common Vulnerability Scoring System).

Rigorous testing methodologies
Testing methodology uses OWASP and PTES standards, tailored per organisational requirements.

Expert review & recommendations
On-site debrief, review of results and recommended next actions to remediate the vulnerabilities identified.

Why Comtact?

  • Dedicated security testing team
  • Experienced CREST-accredited penetration testers give your infrastructure a real-world test.
  • Learn how susceptible your organisation really is.
  • Rigorous testing methodologies, at the forefront of the latest and best practice hacking techniques.
  • Highly tailored programmes to help you build a strong security foundation.
Q What are the different types of penetration test?

Network penetration test, external
An 'external' pen test involves an ethical hacker probing your perimeter defences across the internet, providing an effective test of how your externally-facing network infrastructure responds to threats.

Network penetration test, internal
An internal penetration test simulates either the actions a hacker might take once access has been gained to a network, or those of a malicious actor or disgruntled employee who already has access and is looking to escalate it.

Web application penetration test
A web application penetration test looks for any security issues in your websites and web applications, including CRM, extranets and internally developed programmes, which could lead to exposure of personal data, credit card information and similar.

Social Engineering
A social engineering pen test will help you understand the susceptibility within your organisation to human manipulation. Social engineering techniques are wide ranging, from the very simple, to highly personalised, sophisticated attacks.

Q What is black box & white box testing?

Black Box testing

With a black box penetration test, no information is provided about the infrastructure or environment, simulating how an internet hacker would attack your environment.

White Box testing

Detailed information is provided about the environment, simulating how an attacker with knowledge (e.g. employee/insider) could present a risk to the organisation.

Grey Box testing

A grey box test is a blend of black box and white box testing techniques. Selected snippets of information are provided, giving a more focused test and a shorter timeline than black box testing.

Q Is a vulnerability scan different to a pen test?


A vulnerability scan uses a suite of software tools to provide a technical assessment of your IT estate, scanning your network infrastructure to identify, for example, unpatched software, incomplete deployment of security software, or open ports.

A pen test, by contrast, is performed manually by a skilled pen tester, simulating an attack using the range of strategies and techniques a hacker would use in a real-world cyber attack.

