21 Expert Guides

Penetration Testing: Standards, Methodologies, and Practice

21 guides on CREST, OWASP methodologies, API/web/mobile testing, and pricing

Penetration testing is the practice of simulating real attacks against your systems to find vulnerabilities before attackers do. This library of 21 guides covers the methodologies (OWASP WSTG, MASVS, PTES, OSSTMM), the certifications (CREST, CHECK), and the practical realities of web, mobile, API, network, and wireless assessments.

All Guides in This Library

10 Cybersecurity Areas AI Is Already ChangingAI is changing how attacks happen and how defences work. Ten areas where it matters now, assessed honestly by a pen tester.
AI in Cybersecurity: What's Real, What's Marketing, and What MattersA pen tester's honest assessment of where AI genuinely changes cybersecurity and where vendors are just rebranding old tools.
API Security Testing: What a Pen Tester Actually ChecksMost API tests are automated scans with a report. Here is what a CREST tester actually checks and why it matters.
Active Directory Attacks Explained: What We Find on Internal NetworksActive Directory attacks are among the most common findings on internal pen tests. Here are the techniques attackers use and what your IT team can do
Automated Compliance Monitoring with Playwright and N8NHow we use Playwright and N8N to automate Cyber Essentials compliance checking. Continuous monitoring instead of annual surprises.
Building AI-Assisted Security AssessmentsHow AI is being integrated into Cyber Essentials and pen testing assessments. What it speeds up, what it can't replace, and where the line sits.
CREST Pen Testing ExplainedWhat CREST certification means for penetration testing, the difference between individual and company accreditation, and why it matters when choosing
Can AI Actually Do a Pen Test?AI tools find known vulnerabilities. Pen testers find the things no scanner checks for. The difference costs money when it matters.
Configuration Review: What It Is and Why It's Part of a Security AssessmentWhat a configuration review tests, how it differs from a vulnerability scan, and what it reveals about your actual security posture. Written by a CRES
How Much Does a Pen Test Cost in the UK?What penetration testing actually costs in the UK and what drives the price. Day rates, scope factors, and how to tell a real test from a rebranded sc
How We Allocate Pen Testing DaysWhat determines how many days a pen test takes. Scope, assets, methodology, and the questions to ask before you get a quote.
How We Recreate Real Vulnerabilities in Our LabMost pen testers never show you what they actually find. We recreate real penetration testing findings in a controlled lab so you can see what we look
Infrastructure Pen Testing: What We Actually Test on Your NetworkExternal scans tell you half the story. Here is what a CREST tester checks on your internal network, servers, and Active Directory.
LLMNR and NBT-NS Attacks: What Your IT Team Should KnowLLMNR and NBT-NS are enabled by default on Windows. Attackers use them to capture password hashes on internal networks. The fix takes minutes.
Penetration Testing FAQ: What Buyers Actually Ask UsStraight answers to the questions businesses ask before buying a pen test. CREST, CHECK, cost, timing, and what the report looks like.
Penetration Testing: What UK Businesses Need to KnowA pen test is not a scan. This guide explains what penetration testing involves, when you need one, and what to look for in a tester.
Social Engineering Testing: What It Involves and When You Need ItPhishing simulations are one part. Real social engineering testing covers phone calls, physical access, and the human decisions no scanner checks.
The HTTPS Fallacy: Why the Padlock Means Less Than You ThinkHTTPS encrypts the connection. It says nothing about who you're connected to. A pen tester explains why the padlock is not a trust signal.
Types of Penetration Testing: Which One Do You Need?External, internal, web app, API, wireless, social engineering. Each type of pen test checks different things. This guide explains which ones matter f
Vulnerability Assessment vs Penetration Testing: What's the Difference?A vulnerability assessment finds known weaknesses. A penetration test exploits them. Both are useful, but they are not interchangeable.
Web App Pen Testing: What Gets Tested and Why It MattersWeb application testing checks the things your scanner can't see. Authentication flaws, access control gaps, and the business logic mistakes that cost

Ready to Get Started?

Skip the research and talk to an expert. Our lead assessor has worked with 800+ UK organisations.