Skip to content
EdgeServers

Penetration Testing

Find the holes before someone else does.

Ethical hacking by certified offensive engineers (OSCP / CRTP / CARTP). We test the same way an attacker would — across infrastructure, applications and cloud configuration.

Request a quote

Engagement types

External infrastructure

Internet-facing services, DNS, mail, exposed admin panels. The view from outside your perimeter.

Internal infrastructure

Assume-breach testing inside your VPC. Lateral movement, privilege escalation, exfiltration paths.

Web application

OWASP Top 10 + business logic. Authenticated and unauthenticated. Single-page apps, APIs and traditional web.

Cloud configuration

IAM analysis, S3/storage exposure, role chaining, key handling, public-by-mistake resources. AWS / GCP / Azure specific.

Social engineering

Controlled phishing campaigns and pretexting — to measure not just whether people click, but what happens when they do.

How a test runs

  1. 1. Scope

    Half-day workshop. We agree the targets, rules of engagement, blackout windows and what 'success' looks like.

  2. 2. Test

    Live testing window (typically 5-15 working days). Daily check-ins, immediate disclosure of any critical finding.

  3. 3. Report

    Executive summary + technical findings, each with CVSS, reproduction steps, and remediation guidance.

  4. 4. Remediate

    Optional — our engineers can fix what we found. Same team, faster turnaround.

  5. 5. Retest

    Free retest within 90 days to verify fixes. Updated report for your auditor or board.

Tooling

The tools we run during an engagement

Industry-standard offensive tooling, mapped to each phase of the test. We pay for the commercial licences (Burp Suite Pro, Metasploit Pro, Nessus Pro) so you get tester-driven findings — not scanner output dressed up as a report.

Reconnaissance & OSINT

Mapping the attack surface from the outside before we touch anything.

  • Amass
  • Subfinder
  • Shodan
  • theHarvester
  • Maltego
  • FOFA

Web application testing

OWASP Top 10 plus business-logic abuse. Authenticated and unauthenticated.

  • Burp Suite Pro
  • Caido
  • OWASP ZAP
  • sqlmap
  • FFuf
  • Nuclei

Network & infrastructure

Service enumeration, version-pinned CVE checks, internal lateral movement.

  • Nmap
  • Metasploit Pro
  • Nessus Pro
  • Responder
  • Impacket
  • Wireshark

Cloud & Kubernetes

Config audits across AWS, GCP and Azure. IAM analysis. Cluster benchmark scoring.

  • ScoutSuite
  • Prowler
  • Pacu
  • kube-bench
  • kube-hunter
  • Trivy

Active Directory & identity

Path-to-domain-admin enumeration, Kerberoasting, AD-CS misconfigurations.

  • BloodHound
  • CrackMapExec
  • Rubeus
  • certipy
  • ldapdomaindump

Source code & secrets

SAST against your codebase, secret discovery in git history, dependency audit.

  • Semgrep
  • CodeQL
  • Bandit
  • TruffleHog
  • gitleaks
  • Snyk

Methodology: PTES, OWASP WSTG, OWASP ASVS Level 2, NIST SP 800-115. Findings mapped to MITRE ATT&CK techniques.

Deliverable

What you get — inside the audit report

Every engagement closes with a deliverable that earns its keep. Clear enough for leadership, technical enough for your engineers, and structured for your auditors. Below is the structure of every EdgeServers pen-test report.

01

Executive summary

Two-page non-technical summary for leadership. Composite risk score against industry benchmark. Top five findings ranked by business impact, with a clear go/no-go recommendation.

02

Scope & methodology

What was tested, what wasn't, and how. PTES + OWASP WSTG alignment, rules of engagement, blackout windows, and a chain-of-custody log for every credential issued for the test.

03

Findings — one per page

Each finding: CVSS 4.0 severity, affected asset(s), step-by-step reproduction, evidence (screenshots, payloads, PoC scripts), and a plain-language risk statement that an executive can read.

04

Remediation roadmap

Per-finding fix guidance ranked by exploitability × business impact. Estimated developer-effort, code references where applicable, and the order we recommend fixing them.

05

Retest results

Free retest within 90 days. Each finding re-validated with fresh evidence: pass, partial, or fail. A single updated PDF you can hand to your auditor or your board.

06

Compliance mapping

Every finding tagged against the frameworks you care about: ISO 27001 Annex A, SOC 2 Trust Services Criteria, PCI-DSS v4, the ASD Essential Eight, and the relevant MITRE ATT&CK techniques.

Delivery formats

  • Full PDF report (technical)
  • Redacted PDF for board / auditor
  • JSON findings export for SIEM / ticketing

See a redacted sample

We send a redacted sample report (from a real engagement, with customer details removed) so you can see exactly what you'd receive before you commit.

Request the sample report

Ready to take the operational load off your team?

Book a 30-minute discovery call. We will audit your current cloud setup and show you exactly where we add value.

Book a discovery callSee our services