Services
Penetration testing across the surfaces that matter.
Pentiq's penetration testing services cover network infrastructure, applications and devices, identity and data, cloud and build pipelines, adversary scenarios, and the threat intelligence around all of it. Every engagement is scoped through a formal Rules of Engagement, peer-reviewed by a senior consultant, and accompanied by a plain-English management summary, an executive dashboard, and a technical overview with reproduction steps.
Pen Test Portal
Your view from a hacker's eye.
Say goodbye to lengthy PDFs and countless emails. Pentiq's portal brings every assessment finding together in one place - so you can access projects, search vulnerabilities, and see exactly which areas of your environment carry the most risk.
Our testers flag critical findings as and when they occur, so your IT team or third party provider can resolve risks faster - with our consultants on hand for one-on-one support when needed.
Findings dashboard
46 open · last sync 14:32
2
7
14
23
Recent findings
Severity · Framework
- Critical14:22
IDOR on /api/v2/orders/{id}
OWASP A01 · Reported · live
- High11:08
TLS 1.0 enabled on edge LB
ISO 27001 A.8.24 · In remediation
- MediumYesterday
Stored XSS in profile bio
OWASP A03 · Retest pending
Illustrative example.
Compliance mapping
Findings map to the frameworks you actually answer to - Cyber Essentials, OWASP, CIS Controls, PCI DSS, ISO 27001, ISAE 3402, and SOC 2.
Real-time visibility
Watch testing happen as it happens. Activity logs keep your team aligned on what's been done, what's been found, and what comes next.
Single source of truth
Every finding from every engagement, in one place. Your team can act on the most critical weaknesses the moment they're discovered - not weeks later in a final PDF.
Team collaboration
Assign findings to specific owners, automate handoffs, and get real-time alerts when something needs attention. Full audit trail of who did what, when.
Reports on demand
Generate technical reports, executive summaries, and customer ready evidence whenever you need them. Search by section, filter by finding, export to your stakeholder of choice.
Posture & readiness
Track open findings, emerging threats, and remediation progress in a customisable view of your organisation's overall security posture.
Network Infrastructure
External, internal, and wireless networks tested the way attackers actually approach them.
External Infrastructure
Internet facing servers, services, and edge devices, tested the way attackers actually approach them.
Learn more →
Internal Infrastructure
Post-breach simulation across your internal network, lateral movement paths, and segmentation controls.
Learn more →
Active Directory & Password Review
Identity layer audit of on-premises and hybrid Active Directory - trust relationships, delegation, and password hygiene.
Learn more →
Wireless
Site survey, encryption review, and rogue-AP detection across the network that bypasses your firewall.
Learn more →
Applications & Devices
Web applications, APIs, and connected hardware - from authenticated workflow abuse through firmware tear-down.
Web Application & API
Authenticated and unauthenticated testing of business critical web apps and APIs, mapped to OWASP and beyond.
Learn more →
Hardware & IoT
Hardware tear-down, firmware analysis, and protocol testing across connected device ecosystems.
Learn more →
Mobile App
iOS, Android, and hybrid mobile app testing across binary, runtime, transport, local storage, and the backend APIs they trust.
Learn more →
Identity & Data
Active Directory, insider risk, and data-loss controls - the human and identity layer most programmes underweight.
Insider Risk
Privileged-access review, exfiltration-pathway testing, and the joiner/mover/leaver process that grants more than anyone tracks.
Learn more →
Data Loss Prevention
Test whether your DLP tooling is configured effectively across email, endpoints, SaaS, and cloud storage - and identify gaps in data-protection coverage.
Learn more →
Cloud & Build
Cloud configuration across AWS, Azure, and Microsoft 365 - plus shift-left hardening of gold builds before they ship.
Adversary Simulation
Scenario-led testing of the humans, processes, and physical estate that responds when something goes wrong.
Red Team Operations
Full scope, objective driven simulations testing how your people, processes, and tools actually hold up.
Learn more →
Purple Teaming
Red team and blue team in the same room - detection rules tuned during the exercise, not weeks after.
Learn more →
Physical Security
Covert entry, badge cloning, tailgating, and pretexting against your physical estate.
Learn more →
Social Engineering
Phishing, vishing, and physical vector testing to measure (and improve) human-factor resilience.
Learn more →
Intelligence & Advisory
What's already public, leaked, or for sale - plus expert advisory on monitoring, MDR, and detection maturity.
Products
Services are projects. Products are programmes.
Every service above is scoped as a one-off engagement. For continuous assurance - recurring exposure visibility, ongoing exploitability validation, and quarterly adversary scenarios - see the three Pentiq subscription products below.
Continuous Security Assurance (CSAS)
Managed monthly testing across three tiers - Visibility, Resilience, and Assurance. Quote within two working days of a scoping conversation.
See CSAS tiers →Vulnerability Scanning
IP-based vulnerability scanning across external and internal estates. One-off or monthly subscription, scoped against your IP count and authentication needs.
View Vulnerability Scanning →Red Team Subscription
An adversary on retainer. Quarterly scenarios - phishing-led, assumed breach, ransomware objective - with defender side debriefs. POA.
See Red Team Subscription →Get started
Talk to Pentiq about your security testing.
Whether you need a one-off engagement, ongoing external validation, or help choosing the right starting point - book a 30-minute discovery call. Scoping is fast and transparent.