Skip to content
Cyberoptic Security
Services About Releases Contact Get a quote

service

Penetration Testing

Authorised, manual simulated attacks across your apps, networks and cloud.

Get a quote

We combine automated scanning with manual testing to find both known signatures and the custom vulnerabilities that scanners miss.

What we offer

Drill into a specific test for the full detail, or talk to us about the right mix.

Web Application Penetration Test

A manual assessment of a browser-based application, following the OWASP Web Security Testing Guide to find the logic flaws, broken access controls and injection issues that scanners miss.

Details

API Penetration Test

Testing against the OWASP API Security Top 10: broken object-level authorisation, broken authentication, excessive data exposure, rate limiting and injection, across REST and SOAP.

Details

Internal Network Penetration Test

Simulates an attacker who already has a foothold inside your network, testing privilege escalation, lateral movement, Active Directory and segmentation.

Details

External Network Penetration Test

Examines your internet-facing infrastructure the way a remote attacker would: exposed services, vulnerabilities, remote access, email and DNS, and breached credentials.

Details

AI and LLM Penetration Test

Testing for AI features like chatbots, copilots and RAG systems: prompt injection and jailbreaks, data leakage, access control gaps, tool and plugin abuse, and model endpoint security.

Details

Mobile Application Penetration Test

iOS and Android assessment following the OWASP MASTG: architecture review, static and dynamic analysis, network communication and local data storage.

Details

Hardware Penetration Test

Assessment of physical and embedded devices such as IoT, medical and industrial equipment: device and firmware analysis, communication protocols and physical security.

Details

Other services

CyberSafe Essentials

A fixed-price assessment built for small organisations with fewer than 20 users, covering the three areas attackers target most.

Secure Configuration Reviews

Your cloud and SaaS environments measured against security baselines.

Technical Controls Validation

A check that your defences are configured correctly and would stop an attacker.

Vulnerability Scanning

Automated assessment of your networks and web apps, validated by a human.

Bespoke Testing

Testing shaped around your requirements when your needs do not fit a standard engagement.