Rigorously test your internal network cyber security controls and uncover the real-world threats – with our CREST-accredited network pen testing services.

Uncover the open doors in your internal security controls

Need to be certain? Robust testing methodologies, applied by experienced, CREST-accredited pen testing professionals, arm you with the confidence that your security is rigorously tested, using the same techniques a hacker would use.

Experienced CREST-certified testing team

Employing the latest testing strategies to provide a rigorous ‘real-world’ test of your security controls.

Rigorous pen testing methodologies

Testing methodology uses OWASP and PTES standards, tailored per organisational requirements.

Highly tailored programmes

Every test is uniquely defined to fit your requirements, with step-by-step details in a scoping document (SOW).

Actionable risk-based report

Evidence of vulnerabilities identified, including their CVSS score (Common Vulnerability Scoring System).

About Comtact Ltd.

24/7 Security Operations Centre (SOC)

Located at the heart of Comtact HQ, Comtact’s Security Operations Centre (SOC) team operate round the clock, as part of an integrated, multi-layered security defence.

Network Penetration Tests (External)

  • Reveal real-world exploitable vulnerabilities on systems, services & applications exposed to the internet.
  • Network penetration testing allows you to find your most exposed security vulnerabilities before they can be exploited.
  • Network devices, servers & software packages represent a constant challenge to secure - and a frequent opportunity for attack.
  • Performed external to your network – the viewpoint of a remote hacker.

Comtact have afforded us quicker response times, reducing the noise of verbose alerts, cutting resolution time, saving lost revenue and avoiding user frustration. Simply, Comtact lets us see the wood from the trees.

Adrian Hollister
Plymouth University

Best practice pen testing methodology
Step 1 (One)

Scoping and planning

Agreement of scope, as well as controls, methodologies and communication.

Step 2 (Two)

Intelligence gathering

Sources include search engines, open source frameworks, dark web…

Step 3 (Three)

Pen test execution

To compromise and confirm how exploitable the vulnerability is.

Step 4 (Four)

Reporting & analysis

Detailed report, suitable for both technical & non-technical staff.

Step 5 (Five)

Discussion & recommendations

Guidance on the required steps to remediate discovered issues.

Penetration test report (sample)

Summary: Overview of key threats and business risks, in a high-level format suitable for non-technical Directors.

Technical: Outlines the steps taken by Comtact's testers to breach the network/defences, remediations and supplemental information suitable for IT teams.

Risk scoring: Report includes a vulnerability scoring system to rate issues discovered, based on severity.

Remediation & next actions: Recommendations and guidance on the steps necessary to remediate discovered issues.




Questions and answers

Q What does a network penetration test involve?

Using the same techniques a hacker would use, but with a defined and controlled methodology, our skilled pen testers use the full range of strategies in their toolkit to replicate a ‘real-world’ cyber attack – a highly effective test of your security defences.

Firstly, we gather intelligence from publicly available sources to identify opportunities and vulnerabilities to exploit. This would include looking for misconfigurations, weak passwords, unpatched software, open ports etc. that can lead to unauthorised access.

With agreement, we would attempt to exploit identified vulnerabilities to confirm the risk to your organisation – a true evaluation of the threats faced today.

Q What are the goals of a penetration test?
  • Determine feasibility of a particular set of attack vectors.
  • Identify any vulnerabilities that are present, including high-risk ones that result from a combination of lower-risk vulnerabilities exploited in sequence.
  • Identify vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software.
  • Assess the potential business and operational impacts of successful attacks.
  • Test the ability of network defenders to detect and respond to attacks.
  • Justify increased investment in security personnel and technology.

Q What are black box and white box pen testing?

Black box: A penetration test performed without any influence or direction from the business on what vectors to attack.

White box: A penetration test performed according to pre-determined guidelines set out by the client.

Grey box: A penetration test performed with partial guidance, like a map of the network, but where other aspects must be achieved during the project, like administrative access.

