Salus Logo

Penetration Testing

Penetration testing involves authorised access to a system with legal permission to identify vulnerabilities. Our experienced and certified consultants provide thorough and ethical penetration tests, using their skills and expertise to legally test systems and demonstrate proficiency, ensuring the security of your systems.

Penetration Testing is an offensively minded process of identifying vulnerabilities and weaknesses within an organisation’s digital assets

Penetration testing is the term coined for ethical hacking; however, we don’t refer to ourselves as hackers. Hacking, or “the gaining of unauthorised access to data in a system or computer”, is both illegal and a term that narrowly encapsulates the services which we provide. With legal permission, our experienced and certified consultants aim to demonstrate suitable assurance in our tradecraft and business acumen.

During penetration testing, we are attempting to “break in” to the thing you’ve asked us to look at. The ideal scenario is that we cannot break in and that the thing we are testing is already secured. Sadly, this is not usually the reality, and we’ve gotten great at breaking into various targets over the past several years. Penetration testing is a well-used method of providing independent third-party assurance of a system’s security from an attacker’s perspective. Salus’s certified team can provide a range of tailored services to meet the requirements of your organisation.

Penetration Testing

CHECK Penetration Testing (ITHC)

CHECK was developed for government departments, public sector bodies, and the organisations forming the UK’s critical national infrastructure (CNI) to gain external, independent assurance; however, many private sectors within these supply chains elect to perform CHECK testing to demonstrate adherence to good practices and meet contractual obligations.
Explore CHECK Penetration Testing (ITHC)

Application Testing

Since 2017, Salus has advocated for integrating robust cybersecurity measures as standard business practice to secure modern organisations' interconnected environments and applications, reflecting its commitment to making good security synonymous with good business.
Explore Application Testing

Cloud Security

Many organisations utilise cloud services, but not all vendors provide secure configurations by default. Salus offers configuration reviews for alignment with best practices and maximum security on popular platforms like AWS, Azure, GCP, and Oracle Cloud.
Explore Cloud Security

Cyber Adversary Testing

Cyber Adversary testing, using real-world tools and techniques, evaluates security posture against specific threat actors, stretching defences to limit them and providing in-depth insights into control gaps and malicious impact.
Explore Cyber Adversary Testing

Email Security

Salus' two-stage email security assessment verifies the effectiveness of an organisation's email security by evaluating its implementation from both attacker and internal user perspectives, aligned with standards prioritising secure email systems, such as Cyber Essentials.
Explore Email Security

Infrastructure Testing

Salus' infrastructure testing evaluates the security and configuration of on-premises and cloud-based devices and services from external attacker and administrator user perspectives, ensuring robust protection for your organisation.
Explore Infrastructure Testing

Network Architecture

Leveraging Salus' in-house framework and established guidelines (NCSC, Microsoft, AWS, and TOGAF), an architecture review ensures early detection of weak points in your project, simplifies the audit process, and prevents costly late-stage issue identification.
Explore Network Architecture

Secure Code Review

Salus' code reviews reveal exploitable flaws such as hidden credentials, unreferenced API methods, and vulnerable code paths by directly examining the code, offering more comprehensive security insights than standard assessments; pairing this with penetration testing maximises vulnerability detection.
Explore Secure Code Review

Security Operations Centre (SOC) Maturity

SOC maturity assessment based on MITRE ATT&CK and pass/fail criteria measures your SOC's detection effectiveness, highlights gaps, and offers guidance for enhancing tooling and addressing capability deficiencies, ensuring continuous improvement in real-world TTP detection.
Explore Security Operations Centre (SOC) Maturity

Salus has provided an excellent level of service to DEFRA and could not be happier with the levels of engagement, skill sets, performance and capability of the Salus team. I would certainly recommend them as a supplier for security testing and other capabilities.

Department for Environment, Food & Rural Affairs

I have never witnessed any other supplier go to the lengths Salus Cyber has, to make our organisation a safer and more cyber secure place to do business.

CISO at Global Defence Prime

Salus have been instrumental in our IT CHECK‘s, as well as being our assessor for Cyber Essentials Plus. Their approach is refreshing, they are approachable, helpful, very knowledgeable, flexible and we would thoroughly recommend them.

The Nelson Trust

Here to Help
Tell Us Your Priorities!