Combined Infrastructure and Web Application Penetration Test


SKU: 4452
Format: Year 1: $5,045
Format: Year 2: $4,550 per annum/test (save 10%*)
Format: Year 3: $4,036 per annum/test (save 20%*)

This penetration test helps to identify potential vulnerabilities in your infrastructure, websites and web applications. This fixed-price penetration test, conducted by our CREST-accredited team, includes recommendations to improve your network security, enabling you to comply with client requests and facilitate compliance with ISO 27001.

Purchase this service or call our team today on 00 800 48 484 484 to discuss your penetration testing requirements.

Price: $5,045.00


Your challenge

Penetration testing is a best practice component of any ISO 27001-compliant information security management system (ISMS), from initial development to ongoing maintenance and continual improvement.

Control A.12.6.1 of ISO 27001:2013 specifies that “Information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organisation's exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk.” A vulnerability assessment or penetration test is the best method for identifying these vulnerabilities in systems, infrastructure and web applications. By conducting this test, you can:

  • avoid damaging your brand’s reputation with the bad publicity associated with a security compromise
  • prevent breaches and subsequent regulatory fines
  • satisfy relevant regulatory requirements or legislation

Our service offering:

  • A detailed consultation session to identify the depth and breadth of the tests required (on either an internal network or external network, depending on your needs).
  • Careful scoping of the test environment to establish the exact extent of the testing exercise.
  • A range of manual tests conducted by our team of highly skilled penetration testers, using a methodology closely aligned with the Open Source Security Testing Methodology Manual (OSSTMM).
  • A series of automated vulnerability scans.
  • Immediate notification of any critical vulnerabilities to help you take action quickly.
  • A detailed technical report that identifies and explains the vulnerabilities (ranked in order of significance).
  • A list of recommended countermeasures to address any identified vulnerabilities.
  • An executive summary that explains what the risks mean in business terms.

Are you interested in an advanced level 2 penetration test?

We’ve designed our standard packages to be easy and affordable, but if you are unsure of your requirements, or your needs are more complex and involve attempting to exploit the identified vulnerabilities, please call us to discuss. Our consultants can answer your questions and make the process painless. If you would like to talk to one of our testers, or meet with them, we would be happy to arrange this for you.


Delivered as a remote service

IT Governance routinely provides this service remotely to organisations located outside of the United Kingdom. We can also offer an on-site service, but consultant expenses related to travelling, etc. will need to be absorbed as an additional cost.


Why choose us?

  • We adopt an integrated approach in line with our recognised expertise in internationally adopted standards such as ISO 27001 and ISO 9001.
  • You receive a tailored assessment that applies to your business and relevant threats, not a generic assessment of theoretical risks.
  • You work with CREST-qualified consultants experienced in infrastructure and application penetration testing.
  • We combine a number of advanced manual tests with automated vulnerability scans to ensure all critical vulnerabilities are identified.
  • You receive a clear report that prioritises the risks relevant to your organisation so you can easily remediate any vulnerabilities.


  • The price is applicable for 20 externally facing IP addresses, and a single web application and database with up to 100 static web pages, or dynamic web pages using no more than five templates, or a combination of the two.
  • Testing will be conducted with a single level of authentication provided that the pages are accessible without authentication.
  • Testing will not include file upload testing.
  • This test is available as either an internal or external test.
  • Consultant expenses related to travelling, etc. are not included in the price.
  • On-site presentation of report findings and remedial consultations can be provided upon request at an additional cost.
  • Discounts for multiple tests only apply when a two- or three-year contract is agreed at the purchase of the first test; discounts cannot be backdated. Each penetration test will be invoiced annually (in the year of the test). An invoice will be issued 28 days before the planned test.
  • The quoted price applies to testing during regular office hours. An additional charge will be incurred for tests conducted outside of regular office hours (9:00 to 17:30 GMT).

Speak to an expert

Please contact us for further information or to speak to an expert.

