top of page

As part of Fortis’ Security Risk Assessment Services suite, its Penetration Testing services enable clients to identify, assess and prioritise vulnerabilities and security flaws across their applications & APIs, platforms and infrastructure. 

Penetration testing will help to identify security vulnerabilities which might otherwise leave your company open to compromise. Fortis has a proven track record in finding such vulnerabilities in some of the most complex, and sophisticated IT environments. 

Penetration Testing 

CREST Pen Testing Logo

Over the last decade, threat vectors previously encountered only by nation states have become increasingly common in the Enterprise.


The Fortis team has been mitigating and managing the risks from these attacks for our clients for years, and as the threat landscape shifts, so too have the number of organisations that require access to our seasoned and trusted security professionals. 

With its broad industry experience, Fortis Information Security can work alongside your organisation to provide the benefit of situational awareness, usually reserved for those associated with these government departments, together with the context and understanding of corporate environments and the associated challenges and culture.

Our security testing services are designed to:

Improve business awareness and understanding of your cyber security exposure to risk 

Identify and fix security vulnerabilities before they can be exploited by cyber criminals 

Support ISO 27001, PCI DSS, GDPR and PAS 499 ID & Authentication compliance 

Provide independent technical security assurance of your security controls 

Enable the prioritisation of security investments through actionable intelligence 

Demonstrate a continuous commitment to security to your customers and partners

Pen Testing Page Top Image.jpg

Fortis approach to security testing is based upon your requirements, and the required outcome.


Tests can be performed from the perspective of an external attacker with no knowledge of the target services or infrastructure, as an authenticated authorised user, or with comprehensive understanding of the service and its design. 

Mobile iOS, Android applications and API penetration testing 

Wireless Network (WiFi) penetration testing 

Social Engineering (both physical and digital social engineering penetration tests) 

Red Team, full spectrum attack simulation 

Biometric systems penetration testing 


External network (or infrastructure) penetration testing 

Internal network penetration testing 

Web application penetration testing 

Cloud penetration testing including AWS, Azure and GCP 


Fortis’ penetration testing and red teaming group is extremely well certified, holding multiple certifications awarded by bodies such as CREST, Offensive Security, and the Tiger Scheme. Fortis also complements this focused knowledge with its National Cyber Security Centre (NCSC) Certified Cyber Professionals, to provide a valuable wider viewpoint to penetration testing assurance.

Alongside certifications our testers also engage with the security community, present at specialist security testing conferences, and have co-authored books on testing.

37838_Crest icons_2022_4_PT-.jpg

Fortis is a CREST accredited Penetration Testing company. Through CREST’s demanding accreditation process, organisations buying security testing  services get the assurance that:

The services will be delivered by trusted companies with best practice policies and procedures.

The work will be conducted by highly-qualified individuals with up to date knowledge, skill, and competence to deal with all the latest vulnerabilities and techniques used by real attackers.

Both the company assessments and individual qualifications are underpinned by meaningful and enforceable codes of conduct.

Pen Testing Page Middle Image.jpg
Table FULL.png

As the penetration testing industry has matured, certifying bodies have increasingly demanded a standardised way of performing penetration testing activities. However, there is only so much standardisation that can be done before the creativity inherent in “hacking” is removed and the benefit of the service is lost.


Nevertheless, this same standardisation encourages better quality testing exercises by making sure that a minimum level of testing is completed. 


Next, exploratory attacks are launched in order to further understand the attack surface.

Table TEXT-02.png
Table TEXT-01.png

Each iteration starts with attack surface discovery – this can be at any level of the target, for example, authenticated or unauthenticated, or as a result of the exposure produced by another attack.

Fortis methodology is iterative in nature, this means that the process repeats itself until either all options have been exhausted or the testing time-period has expired.

Fortis only employ highly skilled and experienced penetration testers which, when coupled with our governance, risk & compliance team’s vast industry experience and our excellent service management support ensures unparalleled technical deliverable, business alignment and client satisfaction.

Should the attack be successful, the attacker has gained a foothold.

Table TEXT-04.png

Will provide a detailed penetration test report. Vulnerabilities and security flaws will be ranked in order of criticality using the open industry standard common vulnerability scoring system (CVSS) framework.

Table TEXT-06.png
Table TEXT-03.png

Once the results of the initial attacks are known, the most likely to be successful attacks are developed further to maximise the chance of success and then executed. 

Table TEXT-05.png

In this iterations final stage, the attacker will look to take advantage of whatever access has been gained.

Pen Testing Page Bottom Image.jpg
Table .png
bottom of page