CSTL-qualified penetration testing

Know where you're exposed — before anyone else does.

Internal, external and web application testing, plus Cyber Essentials certification — delivered by a Cyber Scheme Team Leader (CSTL) qualified tester. Fixed-price scoping, plain-English reports, and a process built to stay out of your way.

  • CSTL-led testing by a Cyber Scheme Team Leader (CSTL)
  • NCSC-recognised testing standard
  • UK-based testers
  • Fixed-price scoping
  • No surprise costs
  • Plain-English reports
  • Report in 5 working days

What we do

Two ways to prove your security holds up.

Get certified to show customers you take the basics seriously — then test properly to find what a determined attacker would.

Certification

Cyber Essentials & Cyber Essentials Plus

The UK government-backed scheme that covers the five controls stopping the majority of common attacks. We get you assessment-ready, then certify — without the jargon.

  • Gap review against the current scheme
  • Hands-on help closing the gaps
  • Certification, including the hands-on Plus audit
Penetration test

External infrastructure

Everything an attacker can reach from the internet — your perimeter, exposed services, VPNs and cloud edges — probed the way a real adversary would.

Penetration test

Internal infrastructure

We model the breached laptop or rogue insider, then see how far that foothold spreads across your network, servers and Active Directory.

Penetration test

Web application

Authenticated, role-aware testing of your apps and APIs against the OWASP Top 10 and the logic flaws scanners simply never find.

A frictionless engagement

The test should be the easy part.

Security work has a reputation for being slow, opaque and full of surprises. We've built ours to be the opposite: clear scope, a fixed price up front, and a report you can actually act on.

One named tester runs your engagement end to end — so you're never re-explaining your environment to a stranger.

  1. Scope

    A short call to understand your environment. You leave with a fixed price and a clear plan — no obligation.

  2. Schedule

    We agree dates that suit you, including out of hours, and confirm exactly what's in and out of scope in writing.

  3. Test

    Your CSTL-qualified tester runs the assessment, keeping you posted and flagging anything critical the moment it's found.

  4. Report

    A plain-English report: an exec summary anyone can follow, plus prioritised, reproducible findings and fixes for your engineers.

  5. Aftercare

    We walk you through the findings, answer your team's questions, and re-test the fixes — at no extra cost.

Why teams choose us

Senior testing, none of the friction.

  • 100%: Engagements led by a CSTL-qualified tester
  • 48h: From scoping call to a fixed-price quote
  • 5 days: Typical turnaround for your final report
  • £0: For remediation re-tests and aftercare

Common questions

Good to know.

What's the difference between Cyber Essentials and a penetration test?

Cyber Essentials certifies that you have five fundamental controls in place — it's a baseline and a trust signal for customers and tenders. A penetration test goes much further: a qualified tester actively tries to break in, the way a real attacker would, and tells you exactly what they found. Most organisations benefit from both.

What does “CSTL-qualified” actually mean?

CSTL stands for Cyber Scheme Team Leader — a senior, practical penetration testing qualification from The Cyber Scheme, one of the bodies whose exams are recognised by the NCSC against UK government testing standards. It's awarded at two specialisms, infrastructure (CSTL-INF) and web application (CSTL-Web App), which together cover the external, internal and web app testing we deliver.

Do you cover both internal and external infrastructure?

Yes. External testing looks at everything reachable from the internet; internal testing assumes an attacker already has a foothold and measures how far it spreads. They answer different questions, and many engagements include both alongside a web application test.

How long does it take, and will it disrupt us?

Most tests run over a few days and can be scheduled out of hours. We agree the rules of engagement in writing first, work to a careful methodology, and stay in contact throughout — so there are no surprises for your team.

Is the price really fixed?

Once we've scoped the work, the quote is fixed. Remediation re-tests and the post-report walkthrough are included. If the scope genuinely changes, we'll talk it through before any cost does.

Get a quote

Tell us what you're protecting.

A couple of details is all we need to get started. We'll come back within one working day with next steps — usually a short, no-obligation scoping call.