What is network penetration testing

A network penetration test identifies vulnerabilities in applications and systems using malicious techniques to evaluate the network’s security or lack of response. 

Similar to vulnerability assessments, a network penetration test, also known as a pen test, aims to exploit vulnerabilities identified in a network.

However, unlike a vulnerability assessment, a penetration test simulates a potential attack on harder to find vulnerabilities in a network.

SecuriCentrix penetration testers have extensive network penetration testing experience, helping organisations identify exposures across on-premises and cloud environments.

Types of network penetration testing

Network penetration testing, or Infrastructure penetration testing, can be performed either inside or outside your organisation’s network perimeter. 

  • Internal network penetration testing
    An internal network pen test is performed to gauge what an attacker could achieve with initial access to a network. An internal network pen test can mirror insider threats, intentionally or unintentionally performing malicious actions or an attacker inside your network.
  • External network penetration testing
    An external network pen test tests the effectiveness of perimeter security controls to prevent and detect attacks and identify weaknesses in internet-facing assets such as web, mail and FTP servers.

The Challenges Of Network Infrastructure Testing

With threats constantly evolving, the recommendation is that every organisation should undertake penetration testing at least once a year, but more frequently when: 

  • Making significant changes to infrastructure
  • Launching new products and services
  • Undergoing a business merger or acquisition
  • Preparing for compliance with security standards
  • Bidding for large commercial contracts
  • Utilising and developing custom applications

The Benefits Of Network Infrastructure Testing

A SecuriCentrix network pen test follows a tried and tested methodology to identify, exploit and help address vulnerabilities. Here’s how we approach an external network assessment: 

SecuriCentrix’s network and infrastructure testing experts work with you to define any networks and assets in scope and devise an appropriate assessment strategy.

Reconnaissance and intelligence gathering
Our network penetration testers use the latest intelligence gathering techniques to uncover security and technical information to help them access your network.

Active scanning and vulnerability analysis
Using a combination of manual and automated tools, our testers identify security weaknesses and develop a strategy to exploit them.

Our experienced network penetration testers exploit all identified vulnerabilities but safely avoid damage and disruption.

Once a network assessment is complete, our testers document important findings and supply prioritised remediation guidance to address any identified exposures.


SecuriCentrix is a  provider of penetration testing services. Our ethical hacking engagements, including network penetration testing and web application testing, help organisations to achieve PCI DSS pen test standards by identifying weaknesses that could enable card payment details to be compromised by criminal attackers. 

We perform extensive network penetration testing. The vulnerabilities detected by our network penetration testing service include:

Why Choose Us

Securicentrix is a CREST-accredited and award-winning provider of penetration testing services. Our ethical hacking engagements, including network penetration testing and web application testing, help organisations to achieve PCI DSS pen test standards by identifying weaknesses that could enable card payment details to be compromised by criminal attackers. 

Frequently Asked Questions

Penetration tests are the authorised, simulated cyber-attack against your computer system in a targeted environment to check for exploitable vulnerabilities. The penetration tester will use both manual or automated testing techniques to identify the vulnerabilities that are in an environment and use these to exploit the environment potentially. 

Internal Penetration tests
Internal tests simulate an attack that has already bypassed your security perimeter. It discovers what an attacker can do internally, such as moving across systems and networks. It also simulates what a trusted insider (like disgruntled employees) could potentially do.

External Penetration tests
External tests simulate the ability of an attacker to gain access to your internal network and infrastructure from outside of your security perimeter.

Segmentation Tests
Segmentation Tests are conducted from untrusted networks to validate the functioning of segmentation security controls.

Web Application Penetration testing
Web application penetration tests are conducted against public-facing web applications or interface to validate whether vulnerabilities, including those listed in OWASP, will expose the back-end systems to any potential attacks or compromises.

Black Box tests are where the penetration tester knows nothing of the infrastructure to be tested. So it’s more indicative of a real-world attack, but this method may not always expose all vulnerabilities.

White Box tests are tests where the penetration tester can access complete and in-depth information on the infrastructure kept for testing. Whilst not as realistic as a black-box test, it allows thorough testing of the infrastructure.

Grey Box tests are the most popular form of test that takes a balanced approach between white and black boxes. A grey box test discloses just enough information to perform a thorough, systematic test whilst keeping the scenario relevant and realistic.

As part of Requirement 11, PCI DSS requires Internal Infrastructure Tests, External Infrastructure Tests and Segmentation Tests. In addition to this, as per Requirement 6, the applications or interfaces should have a public-facing environment. One will also need to perform a Web Applicable Penetration test known as Web Application vulnerability assessments. 

As a good security practice, Internal, External and Web application tests should be conducted at least annually or after any significant change to the infrastructure or applications, this is to ensure that the change has not adversely affected the security of the environments in which they reside. In addition, segmentation testing should be completed every six months if you are a service provider facilitating payments and annually for other organisations. 

Our services

SecuriCentrix’s security services are designed to provide the vital assistance needed to make tangible improvements to your organisation’s cyber security posture. 


Expert security services and solutions tailored to your needs