Strategic Edge Consulting – Insight. Innovation. Integration.

Penetration Testing Service Catalogue

Eight productised service lines · three delivery tiers · a standardised deliverable stack aligned to CHECK, CREST, ISO 27001, and Cyber Essentials. Board-ready reporting. Transparent pricing. Free retest included.

CHECK / CREST aligned · ISO 27001 mapped · Cyber Essentials ready · Free retest included · Board-ready reporting

Service catalogue overview

Eight productised service lines, each with three delivery tiers and a standardised deliverable stack. Every engagement includes an executive summary, technical report, remediation guide, ISO 27001 risk register, free retest, attestation letter, live debrief, and compliance mapping to CHECK / ISO 27001 / Cyber Essentials.

Web Application – 3 tiers · 3–12 days · from £3,600
Infrastructure – 3 tiers · 3–20 days · from £3,600
Cloud Security – 3 tiers · 3–12 days · from £3,600
Mobile Application – 3 tiers · 3–10 days · from £3,600
API Security – 3 tiers · 2–10 days · from £2,400
Social Engineering – 3 tiers · 1–8 days · from £1,200
Red Team – 2 tiers · 10–30 days · from £22,000
Wireless Network – 3 tiers · 1–5 days · from £1,200

Universal deliverable stack: every engagement, every tier

Executive summary
Board-ready, risk-rated narrative for non-technical stakeholders
Technical report
Full findings with CVSS scores, evidence, and reproduction steps
Remediation guide
Prioritised, actionable fix guidance per finding with effort estimates
Risk register output
ISO 27001-aligned risk register ready for audit evidence packs
Free retest
Retest of all Critical and High findings within 30 days of report
Attestation letter
Signed letter confirming scope, methodology, and completion
Debrief call
Live findings walkthrough with technical and executive stakeholders
Compliance mapping
Findings mapped to CHECK, ISO 27001, and Cyber Essentials controls

Web application penetration testing

Manual and automated security assessment of web applications, portals, and SaaS platforms. Conducted in accordance with OWASP Testing Guide v4.2 and CREST methodology. Covers authentication, authorisation, input validation, business logic, and session management.

OWASP Top 10 · CREST methodology · CE+ aligned
Essentials
Web App Essentials
3–5 days · up to 5 roles · black box · from £3,600
  • Automated scan + full manual validation
  • OWASP Top 10 complete coverage
  • Authentication & session management testing
  • Input validation: SQLi, XSS, CSRF
  • TLS / certificate configuration review
  • Ideal for: Cyber Essentials Plus
Professional
Web App Professional
5–8 days · up to 10 roles · grey box · from £7,500
  • Everything in Essentials
  • Business logic flaw testing
  • API endpoint enumeration & testing
  • OAuth 2.0 / SSO / MFA bypass attempts
  • Second-order & stored vulnerability testing
  • SSRF, XXE, file upload exploitation
  • Ideal for: ISO 27001 audit support
Advanced
Web App Advanced
8–12 days · unlimited roles · grey/white box · from £16,000
  • Everything in Professional
  • Source code-assisted review
  • Chained attack & kill-chain scenario testing
  • Deserialization & prototype pollution
  • Architecture & threat model review
  • Ideal for: Pre-launch / regulated apps

Methodology

1. Scoping & reconnaissance – Define target URLs, user roles, environments, and out-of-scope paths. Passive OSINT and tech stack fingerprinting.
2. Automated scanning – Authenticated and unauthenticated scanning using Burp Suite Pro and OWASP ZAP with custom extension payloads.
3. Manual exploitation – Tester-led exploitation: business logic abuse, privilege escalation, session manipulation, chained attack scenarios.
4. Post-exploitation impact – Blast radius assessment, lateral movement potential, and sensitive data exposure pathways.
5. Reporting & debrief – CVSS-scored findings, remediation guidance, full deliverable stack produced, and live debrief call conducted.

Infrastructure penetration testing

Network-level security assessment covering external perimeter, internal network segmentation, Active Directory, and on-premise servers. Aligned to NIST SP 800-115 and CREST methodology. Delivered in black, grey, or white box configuration.

Internal & external · Active Directory · NIST / CREST
Essentials
External Perimeter
3–5 days · external-only · up to /24 · from £3,600
  • External IP range & ASN assessment
  • Service enumeration & banner grabbing
  • Known CVE identification & exploitation
  • Firewall & ACL rule review
  • DNS misconfiguration testing
Professional
Internal & External
8–12 days · internal + external · from £12,800
  • Everything in Essentials
  • Internal network assessment (VPN or on-site)
  • Active Directory enumeration & attacks
  • Kerberoasting & AS-REP roasting
  • Lateral movement simulation
Advanced
Full Infrastructure
12–20 days · full estate · from £24,000
  • Everything in Professional
  • Domain compromise simulation
  • Persistence & agreed backdoor testing
  • OT / SCADA boundary testing
  • Assumed breach scenario

Cloud security assessment

Configuration review and active penetration testing of AWS, Azure, and GCP environments. Combines CIS Benchmark automation with targeted manual exploitation of IAM, storage, compute, and containerisation layers.

AWS · Azure · GCP · CIS Benchmarks · IAM & CSPM
Essentials
Cloud Config Review
3–5 days · single platform · from £3,600
  • CIS Benchmark automated assessment
  • Storage bucket / blob public exposure
  • IAM policy over-permission review
  • Security group & firewall audit
  • Logging, monitoring & alerting coverage
Professional
Cloud Pentest
5–8 days · single platform + active testing · from £7,500
  • Everything in Essentials
  • Active IAM privilege escalation paths
  • Metadata service abuse (SSRF → IMDS)
  • Serverless & container escape testing
  • Secret scanning: env vars, repos, parameters
Advanced
Multi-Cloud Advanced
8–12 days · multi-platform · from £16,000
  • Everything in Professional
  • Cross-account / cross-tenant pivoting
  • CI/CD pipeline & supply chain review
  • Kubernetes cluster & RBAC assessment
  • Infrastructure-as-code (IaC) security review

Mobile application penetration testing

Security assessment of iOS and Android applications using static analysis, dynamic instrumentation, and network traffic interception. Follows OWASP MASVS and Mobile Top 10. Available in black, grey, and white box configurations.

iOS & Android · OWASP MASVS · Static & dynamic
Essentials
Mobile Essentials
3–5 days · single platform · from £3,600
  • Static analysis of decompiled source
  • Insecure data storage & caching
  • Network traffic interception & proxy
  • Authentication & session testing
  • OWASP Mobile Top 10 coverage
Professional
Mobile Professional
5–8 days · iOS + Android · from £7,500
  • Everything in Essentials
  • Dynamic instrumentation (Frida)
  • SSL pinning bypass
  • Root / jailbreak detection bypass
  • IPC abuse: intents, content providers, deeplinks
Advanced
Mobile Advanced
7–10 days · both platforms + API · from £12,600
  • Everything in Professional
  • Binary reverse engineering
  • Backend API correlation & testing
  • Cryptographic implementation review
  • Third-party SDK vulnerability analysis

API security testing

Targeted assessment of REST, GraphQL, SOAP, and gRPC APIs. Covers BOLA/IDOR, mass assignment, excessive data exposure, injection, and authentication weaknesses. Aligned to OWASP API Security Top 10.

REST · GraphQL · SOAP · gRPC · OWASP API Top 10 · Auth & authorisation
Essentials
API Essentials
2–4 days · up to 50 endpoints · from £2,400
  • OWASP API Top 10 full coverage
  • Auth token security: JWT, API key, basic
  • BOLA / IDOR across all object types
  • Excessive data exposure analysis
  • Rate limiting & quota bypass
Professional
API Professional
4–6 days · up to 150 endpoints · from £6,000
  • Everything in Essentials
  • GraphQL introspection & injection attacks
  • JWT / OAuth 2.0 flow attacks
  • Mass assignment & parameter pollution
  • API gateway misconfiguration
Advanced
API Advanced
6–10 days · unlimited endpoints · from £10,800
  • Everything in Professional
  • Schema-assisted deep fuzzing
  • Microservice trust boundary testing
  • Event-driven API & webhook security
  • gRPC & Protobuf protocol assessment

Social engineering & phishing simulation

Human-layer security testing measuring staff susceptibility to phishing, vishing, and pretexting. All campaigns conducted under strict ethical and legal boundaries with full written client authorisation. Delivers measurable baseline metrics to justify security awareness investment.

Phishing · Vishing · Pretexting · Awareness metrics · ISO 27001 A.6.3
Essentials
Phishing Simulation
1–2 days · up to 500 targets · from £1,200
  • Single themed phishing campaign
  • Click-rate, open-rate & credential metrics
  • Department-level reporting
  • Awareness-raising landing page
  • Training programme recommendations
Professional
Multi-Vector Campaign
3–5 days · unlimited targets · from £4,500
  • Everything in Essentials
  • Spear phishing of targeted individuals
  • Vishing: telephone-based pretexting
  • SMS smishing campaign
  • Simulated payload delivery tracking
Advanced
Full Social Engineering
4–8 days · physical included · from £7,200
  • Everything in Professional
  • Physical premises pretexting & tailgating
  • USB drop & device implant simulation
  • Executive targeting (pre-agreed)
  • Full kill-chain narrative report

Red team operations

Adversary simulation engagements that test detection and response capabilities across people, process, and technology. Conducted over an extended period using realistic threat actor TTPs mapped to MITRE ATT&CK. Recommended for organisations with an established security function and SOC capability.

MITRE ATT&CK · Threat intel-led · CBEST / TLPT aligned
Professional
Assumed Breach Red Team
10–15 days · defined scenario · from £22,000
  • Defined threat actor TTP scenario
  • Initial access via assumed breach
  • Lateral movement & persistence
  • Crown jewel targeting (pre-agreed)
  • Detection gap & SOC coverage analysis
  • Purple team debrief option
Advanced
Full Red Team Operation
20–30 days · full kill chain · from £44,000
  • Everything in Professional
  • OSINT-led scoping & threat profiling
  • Full initial access: phishing, physical, supply chain
  • Custom C2 infrastructure deployment
  • CBEST / TIBER-EU alignment (optional)
  • Board-level strategic threat briefing

Wireless network penetration testing

On-site assessment of Wi-Fi infrastructure, rogue access point detection, and wireless client-side attacks. Covers corporate, guest, and IoT segments. Aligned to ISO 27001 Annex A physical and network security controls.

WPA2/3 · 802.1X · EAP · Rogue AP detection · On-site
Essentials
Wireless Essentials
1–2 days · single site · from £1,200
  • Wi-Fi survey & signal mapping
  • Encryption standard review (WPA2/3)
  • Rogue access point detection
  • Guest network isolation testing
Professional
Wireless Professional
2–3 days · multi-segment · from £3,000
  • Everything in Essentials
  • 802.1X / EAP misconfiguration attacks
  • PMKID & handshake capture attacks
  • Evil twin & deauthentication simulation
Advanced
Wireless Advanced
3–5 days · multi-site + IoT · from £5,400
  • Everything in Professional
  • IoT / OT wireless device enumeration
  • Bluetooth & Zigbee protocol assessment
  • RADIUS server attack simulation

Tier comparison: all services

Select a service to compare Essentials, Professional, and Advanced side by side. All tiers include the full universal deliverable stack.

Web application

Feature / capability | Essentials | Professional | Advanced
Duration | 3–5 days | 5–8 days | 8–12 days
Testing approach | Black box | Grey box | Grey / white box
User roles in scope | Up to 5 | Up to 10 | Unlimited
OWASP Top 10 coverage | Full | Full | Full
Business logic testing | – | Included | Included
OAuth / SSO / MFA bypass | – | Included | Included
Source code-assisted review | – | – | Included
Chained attack scenarios | – | – | Included
Architecture & threat model review | – | – | Included
Indicative price range | £3,600 – £6,000 | £7,500 – £12,000 | £16,000 – £24,000
Ideal for | Cyber Essentials Plus | ISO 27001 audit | Pre-launch / regulated

Infrastructure

Feature / capability | Essentials | Professional | Advanced
Duration | 3–5 days | 8–12 days | 12–20 days
Scope | External only | Internal + external | Full estate
IP range | Up to /24 | Up to /16 | Unlimited
CVE exploitation | Included | Included | Included
Active Directory attacks | – | Included | Included
Lateral movement simulation | – | Included | Included
Domain compromise simulation | – | – | Included
OT / SCADA boundary testing | – | – | Optional
Indicative price range | £3,600 – £6,000 | £12,800 – £19,200 | £24,000 – £40,000

Cloud security

Feature / capability | Essentials | Professional | Advanced
Duration | 3–5 days | 5–8 days | 8–12 days
Platforms | Single (AWS/Azure/GCP) | Single + active testing | Multi-cloud
CIS Benchmark scan | Included | Included | Included
IAM privilege escalation | Review only | Active exploitation | Active exploitation
Kubernetes / container testing | – | Basic | Full K8s assessment
CI/CD pipeline review | – | – | Included
Indicative price range | £3,600 – £6,000 | £7,500 – £12,000 | £16,000 – £24,000

Mobile application

Feature / capability | Essentials | Professional | Advanced
Duration | 3–5 days | 5–8 days | 7–10 days
Platforms | iOS or Android | iOS + Android | Both + API backend
Static analysis | Included | Included | Included
Frida instrumentation | – | Included | Included
SSL pinning bypass | – | Included | Included
Binary reverse engineering | – | – | Included
Indicative price range | £3,600 – £6,000 | £7,500 – £12,000 | £12,600 – £18,000

API security

Feature / capability | Essentials | Professional | Advanced
Duration | 2–4 days | 4–6 days | 6–10 days
Endpoint volume | Up to 50 | Up to 150 | Unlimited
OWASP API Top 10 | Full | Full | Full
GraphQL deep testing | Basic | Full injection + introspection | Full
gRPC / Protobuf | – | – | Included
Indicative price range | £2,400 – £4,800 | £6,000 – £9,000 | £10,800 – £18,000

Social engineering

Feature / capability | Essentials | Professional | Advanced
Duration | 1–2 days | 3–5 days | 4–8 days
Target volume | Up to 500 | Unlimited | Unlimited
Email phishing | Single theme | Spear + bulk | Spear + bulk
Vishing | – | Included | Included
Physical pretexting | – | – | Included
USB drop simulation | – | – | Included
Indicative price range | £1,200 – £2,400 | £4,500 – £7,500 | £7,200 – £14,400

Red team

Feature / capability | Professional | Advanced
Duration | 10–15 days | 20–30 days
Initial access method | Assumed breach | Full kill chain
MITRE ATT&CK mapping | Included | Included
C2 infrastructure | Standard | Custom built
Physical access testing | – | Optional
CBEST / TIBER-EU | – | Optional alignment
Indicative price range | £22,000 – £33,000 | £44,000 – £72,000

Wireless network

Feature / capability | Essentials | Professional | Advanced
Duration | 1–2 days | 2–3 days | 3–5 days
Sites | Single site | Multi-segment | Multi-site + IoT
Rogue AP detection | Included | Included | Included
EAP / 802.1X attacks | – | Included | Included
IoT / Bluetooth / Zigbee | – | – | Included
Indicative price range | £1,200 – £2,400 | £3,000 – £4,500 | £5,400 – £9,000

Who we are

A specialist offensive security practice delivering penetration testing, red team operations, and security assurance across the UK. Our consultants hold industry-leading certifications and operate under a rigorous delivery framework aligned to CHECK, CREST, and internationally recognised security standards.

Certifications & accreditations

CREST
Certified Security Testing
CHECK
NCSC Approved Methodology
Cyber Essentials
Certification Body
OSCP / OSEP
Offensive Security Certified
ISO 27001
Internally certified
£5M PI Insurance
Professional indemnity cover

Why clients choose us

Certified consultants only

Every engagement is delivered by CREST-certified or CHECK-qualified testers. No juniors running scans unsupervised: you get senior practitioners with direct accountability for every finding.

Board-ready reporting

Our reports are written for two audiences simultaneously: a technical finding for your engineers and a risk-rated executive summary that board members can act on without translation.

Free retest included

Every engagement includes a free retest of all Critical and High severity findings within 30 days. We don't close an engagement until your most serious vulnerabilities are confirmed remediated.

72-hour report delivery

Standard report turnaround is 72 hours from test completion. Draft findings are shared within 24 hours for time-sensitive engagements and compliance deadlines.

Compliance-ready outputs

Every report maps findings to CHECK, ISO 27001 Annex A, and Cyber Essentials controls, reducing your audit preparation burden significantly and satisfying most certification body requirements.

Responsible & insured

We operate under a formal responsible disclosure policy. All findings are treated as confidential. We hold £5M professional indemnity and £5M public liability insurance on every engagement.

What our clients say

The quality of the report was exceptional: genuinely useful remediation guidance, not just a list of CVEs. The executive summary meant I could brief the board without translating technical findings. We'll be using them annually.
Head of IT Security · Financial Services, 400 staff
We needed a web application test ahead of a major enterprise client audit. They scoped it quickly, started within two weeks, and delivered a clean ISO 27001-mapped report that satisfied our auditors first time. Exactly what we needed.
CTO · SaaS Platform, Series B
Their phishing simulation was eye-opening. 34% of staff clicked. The department-level breakdown let us target awareness training precisely where it mattered most. The follow-up six months later showed a drop to 8%.
CISO · Professional Services, 250 staff

Book a 30-minute scoping call

No obligation. We'll discuss your requirements, recommend the right service and tier, and provide a formal proposal within 24 hours.


Online booking coming soon. In the meantime, email us at contact@strategicedgeconsulting.co.uk to request a call.

Frequently asked questions

Answers to the questions we receive most from first-time buyers, compliance teams, and procurement departments evaluating security suppliers.


Scoping questionnaire & quote generator

Answer a few targeted questions about your environment and requirements. We'll recommend the right tier and provide an indicative investment range in under two minutes.

Steps: 1. Service · 2. Scope · 3. Context · 4. Quote · 5. Proposal

Which service(s) do you need?

Select one or more. Multi-service engagements receive a bundled discount (7% for two services, 12% for three or more).

Web Application
Infrastructure
Cloud Security
Mobile App
API Security
Social Engineering
Red Team
Wireless