Methodology

How We Test

A six-phase engagement structure, aligned with the Penetration Testing Execution Standard and the OWASP Web Security Testing Guide.

01

Scope & Authorisation

We document in-scope assets, out-of-scope exclusions, allowed techniques, testing window, and emergency contacts. A written authorisation form is signed by both parties before any traffic leaves our infrastructure.

Rules of engagement, Scope document, Authorisation letter, Emergency contacts

02

Passive Reconnaissance

We gather information about your attack surface without touching your infrastructure. Sources include WHOIS, DNS records, certificate transparency logs, public code repositories, and OSINT.

subfinder, amass, crt.sh, GitHub dorking, WHOIS / DNS

03

Active Reconnaissance & Enumeration

Port and service discovery (nmap), HTTP probing (httpx), technology fingerprinting (whatweb), and per-service enumeration. Findings from this phase feed into targeted vulnerability identification.

nmap, httpx, whatweb, ffuf content discovery, TLS inventory

04

Vulnerability Identification

AI agents orchestrate templated scanning (nuclei), known-CVE correlation, TLS auditing (sslscan), and web server checks (nikto). Candidate findings are triaged in parallel and deduplicated before validation.

nuclei templates, CVE correlation, sslscan, nikto, sqlmap

05

Manual Validation & Exploitation

Every candidate finding is validated by hand. We demonstrate impact with minimal, non-destructive proofs of concept and chain lower-severity issues into realistic attack narratives where applicable.

PoC requests, Screen captures, Attack chain diagrams, Impact analysis

06

Reporting

A formal External Penetration Test Report: executive summary, scope, methodology, findings table, per-finding details with CVSS v3.1 vector strings, attack narrative, prioritised remediation roadmap, and evidence index.

Executive summary, Findings table, Per-finding details, Remediation roadmap, Evidence index

Standards we align with

Our engagements map cleanly to the standards your auditors and customers already know.

PTES
Penetration Testing Execution Standard

The seven-phase standard our engagement structure mirrors end-to-end.

OWASP WSTG
Web Security Testing Guide

Test cases for every class of web vulnerability, by OWASP.

OWASP ASVS
Application Security Verification Standard

The verification framework we use when a client needs a specific assurance level.

CVSS v3.1
Common Vulnerability Scoring System

Every finding is scored with a full vector string and environmental adjustment where justified.

OWASP API Top 10
API Security Top 10

Coverage for BOLA, broken auth, mass assignment, excessive data exposure, and more.

OWASP LLM Top 10
Top 10 for Large Language Model Applications

Our framework for testing prompt injection, insecure output handling, and agent abuse.