0345 305 4118
CREST Penetration Testing


Capital Network Solutions is an approved CREST Penetration Testing Service Supplier headquartered in Wales. We provide a pragmatic approach to penetration testing services and layer that approach in a tier list based on complexity. The complexity tier offerings are in context to both Infrastructure and Web Application penetration testing in an external or internal format.

  • Tier 1 - Vulnerability Scan
  • Tier 2 - Vulnerability Assessment
  • Tier 3 - Penetration Test

Each tier of complexity will incorporate the previous wherever required within the context of engagement. The term “penetration testing” is often used interchangeably to describe both of the lower two tiers described above.

Tier 1 - Vulnerability Scan

A vulnerability scan is a series of checks based on common vulnerabilities and lists the issues based on criticality using the Common Vulnerability Scoring System (CVSS). The objective is to highlight common problems and often compared to as a monthly “MOT” check of external/public interfaces.

Tier 2 - Vulnerability Assessment

The vulnerability assessment process is dependant on the engagement context, such as a web application and external infrastructure. A vulnerability assessment, often compared as replication to the initial steps in a real-life attack, the point at which a malicious actor is thwarted and moves on to an easier target.

External infrastructure is subject to port enumeration, common vulnerabilities, manual inspection of services of potential interest and bad configurations.

Web technologies require in the context of a vulnerability assessment, inspection of code without the means of further exploiting issues, for example, finding an arbitrary Remote Code Execution (RCE) flaw without further exploitation.

The objective is to highlight common and obscure problems and often conducted to reduce general costs over a penetration test. However, a vulnerability assessment is not a penetration test and excludes numerous attack surfaces and techniques.




Tier 3 - Penetration Test

Similar to a vulnerability assessment, with the inclusion of advanced techniques and methods in real-world attack chains. These methods may include bypassing web application login mechanisms, obscure SQL injection surfaces, weak credentials, etc. while directly exploiting found issues.

Leveraging these issues is a means of gaining general data, passwords, and a foothold within the scope definition using audited methodologies to safely exploit identified vulnerabilities to address the risks by the development of a remediation plan.

Capital Network Solutions do not undertake Denial of Service (DoS) type testing, privilege escalation or defacement activities unless expressly authorised to do so.

The objective is to highlight avenues to critical business systems and services to prevent future compromise from advanced vectors. A penetration test is a go-to standard to identify risk and exposure.

In all cases proof of ownership of systems will be required by CNS as will documented permission and legal disclaimers where appropriate.



The esteemed accreditation means organisations can be assured that our Penetration Testing services stand out from other UK companies, and are:

  • Delivered using best practice policies and procedures
  • Carried out by highly-qualified individuals with up-to-date knowledge and skills to tackle vulnerabilities and techniques used by real attacker
  • Covered by rigorous and enforceable codes of conduct

Contact our testing team


Offering a comprehensive range of Testing Services from a highly accredited team

  • CREST approved Penetration Testing Services
  • Tiger Qualified Security Team Member (QSTM)
  • Certified Information Systems Security Professional (CISSP)
  • Offensive Security Certified Professional (OSCP)
  • CESG CCP Senior IA Auditor
  • Certified Cyber Forensics Professional (CCFP)
  • G-Cloud 12 Framework Supplier
  • UK Government IASME-accredited Cyber Essentials Plus Certification Body 
  • Recognised as an IASME Gold Standard Company & Certification Body
  • Holding over 40 different accreditations in 20 specialist technology areas

“We have worked closely together in recent years to successfully gain our Cyber Essentials Plus accreditation and help ensure new services are designed and tested securely. Given the challenges of today’s budget pressures and increasing Cyber security risk we have found Capital Networks to be an effective, reliable and professional partner"

Myles Jordan
Head of ICT security and Risk Management, Natural Resources Wales
Copyright @2017 Capital Network Solutions
See how we perform for clients
Customer Satisfaction
Client retention rate
Business from referrals