Our penetration testing approach is designed to replicate the techniques used by real attackers, in a controlled and methodical way. By combining certified expertise with recognised industry frameworks, we’re able to uncover vulnerabilities that aren’t always visible during development and provide practical guidance to resolve them.
When selecting a penetration testing provider, it’s important to look for independence, recognised standards, and clear, actionable reporting.
We recommend choosing a provider accredited by recognised frameworks such as CREST or CHECK. These certifications demonstrate that testing methodologies and processes are independently assessed and meet established industry standards.
Finally, a good provider should offer clear reporting with prioritised findings, practical remediation guidance, and follow-up retesting to confirm that any issues have been resolved.
Zoonou build fresh perspectives into their testing; this is why we’ve chosen them as our testing partner.
What happens in a pen test?
During a pen test, specialist security testers use their experience, creativity, and technical expertise to safely simulate real-world attacks. The aim is to ethically identify and exploit potential flaws or misconfigurations in an application before they can be discovered by malicious actors.
Testing is guided by recognised frameworks such as the OWASP Top 10, a globally established benchmark for the most common and critical web application security risks.
The outcome is a detailed, encrypted report that outlines any vulnerabilities identified, their potential impact, and clear, prioritised recommendations for remediation.
Case study: prioritising security for an online consultation website
We designed and built a bilingual consultation portal for Democracy and Boundary Commission Cymru that makes complex boundary changes clear and gives the public a simple way to respond.
As a public sector organisation that was collecting personal data from consultation respondents, the client wanted peace of mind that the portal we were building was secure.
Zoonou carried out pen testing for both the English and Welsh language versions of the consultation portal. The test included the public-facing section of the website, where data is collected, and the back-end administration tools.
The results of a pen test are provided in an extensive report, where any potential issues are ranked in order of severity from ‘critical’ to ‘raised for reference’.
There were no critical issues with this project. A technical summary provided our developers the information they needed to remedy a handful of issues that had been raised. These amendments were then retested, and a retest report confirmed that the website was secure to launch.
PEN testing is a specialist skill, and we are grateful to Zoonou for their expertise in this area. It gives our clients and us that extra level of reassurance that the website we have built will protect personal data and keep the hackers out.
