What is Penetration Testing?

Updated: Oct 6

In this guide, we answer some of the most common questions that you may have about penetration testing.



This should provide insight and help dispel some of the myths and misconceptions surrounding these cybersecurity services.


Traditional Penetration Testing (pen testing) involves skilled cyber security professionals (ethical hackers) testing against an agreed scope of a business's assets for known cyber vulnerabilities.

Why should businesses invest in penetration tests?


The approach is designed to enable businesses to better understand, and discover for the first time, specific issues within their technology estate that could be exploited by a genuine attacker seeking to disrupt their services and cause unexpected and unwanted business impact.

Most pen testers use a combination of 'off the shelf' vulnerability scanning software products in conjunction with their own expertise to produce a 'point in time' view of the cyber risks within the scope of their assessment. The majority of penetration testers seek to find vulnerabilities that are already known to exist within commercial applications and/or areas of their configuration, with only the most talented ethical hackers discovering new ('0 day') vulnerabilities that have not been previously identified through any other cyber testing engagements.

When is pen testing most effective?

Pen testing is most effective when the scope has been clearly defined; the technology teams that built and/or support that scope are made available to the pen testers for general guidance; and the technology estate itself is one that changes by only a very small degree between testing engagements.

How long does a pen test last?

Depending on its scope, a traditional pentest engagement can last from a single day to a number of days, driven by the number of technology assets, or the architectural complexity, of the business estate being explored.

Why are pen tests important?


The main aim of a penetration test is for the testers to produce an up to date report that supports an organisation to understand, remediate and continue to deliver services from a tested technology estate that is free from exploitable cyber vulnerabilities.

For modern organisations that continually update their platforms and configurations, or push new software releases to production on a regular basis, cyber vulnerabilities are constantly being created within their estate, so frequent pentesting becomes a critical aspect of maintaining a strong cyber security posture.

Improving and maintaining network security infrastructure is a core aim for organisations. Engaging penetration testers who emulate the behaviours of genuine cyber attackers (or 'bad actors') is one of the most effective ways to ensure that technology configurations or architectural issues are identified and remediated.

The most important aspects of pen testing are to engage with reputable penetration testers and to ensure that the scope of their testing is clearly defined alongside rules of engagement that are set to reduce the risk of their testing causing business impact.

The benefits of an organisation operating a regular penetration testing regime are plentiful; however, there can be drawbacks. Ad-hoc engagements can place a 'resource drain' on internal team members, who may be required to spend time upskilling the testers on the technology scope being analysed. The pen tests themselves carry an inherent risk of causing an unexpected impact on the scope being explored, which can lead to business interruption. The skillset of penetration testers is also hugely variable: the cyber market is saturated with competitive consultancies that are increasingly employing junior resources to deliver what should be highly experienced service delivery, which in turn reduces the value gained from some engagements.

What are the types of pen testing?


Penetration testing comes in many forms, and the type you need depends on the scope or 'target' being tested, which may be a technical or non-technical asset. For example:



Web Application Penetration Testing

Also commonly known as Web App Pen Testing, this is a penetration test against a website, such as a corporate brochureware site, e-commerce system or Software-as-a-Service (SaaS) platform.


Infrastructure Penetration Testing

Also commonly known as Infra Pen Testing, this is testing against the underlying infrastructure of your organisation. This might, for example, be the infrastructure supporting your website, or your wider technical estate, including email systems and infrastructure hosting remote access services such as your corporate Virtual Private Network (VPN).


VPN Penetration Testing

Also commonly known as VPN Pen Testing, this refers to the testing of your remote 'Virtual Private Network', which is typically used to access corporate infrastructure, services and resources remotely from anywhere in the world. Such a test would typically assess the security of your VPN services, whilst also providing an in-depth configuration review and security best practice audit of your VPN.


API Penetration Test

A pen test against your Application Programming Interface (API) is a test where your overall API and the associated endpoints will be reviewed from a security hygiene perspective. Common areas of focus will include authorisation and authentication mechanisms and the potential for privilege escalation to compromise other users' data.


Physical Penetration Test

A pen test doesn't always have to be against technical assets; it can also be against physical and non-technical assets such as data centres, office premises and other physical locations associated with the organisation. This form of physical pen test will often see the ethical hacker physically attempt to gain access to the location using physical social engineering techniques.


Social Engineering Penetration Testing

This form of pen testing attacks people directly using social engineering techniques. For example, the ethical hacker or pentester might attempt to convince the target they are someone they are not in order to gain access to sensitive information. They may also use phishing (email-based), smishing (SMS-based) and/or vishing (voice-based) techniques to aid their social engineering approach.


SCADA Penetration Testing

SCADA stands for Supervisory Control and Data Acquisition. SCADA systems are often used to control plant, machinery or building controls. These systems are a key target for hackers as they are not usually well maintained and tend to run legacy software and services. A SCADA Pen Test will directly target these control systems and demonstrate the impact of compromise whilst recommending best practice approaches for remediation of SCADA-specific vulnerabilities.

Which is easier: network pen testing or web app pen testing?

The short answer is that neither is 'easy' nor 'easier'. A network pen test and a web app pen test are two different aspects of penetration testing. As explained in our 'What are the types of pen testing?' section, there are various types of pen testing, with network pen testing and web app pen testing being two sides of the same coin, but each being inherently different.

A network pen test will target the underlying network or infrastructure of an environment, whereas a web app pen test will target the web app deployed onto that network and its associated infrastructure. As they are different layers of the same ecosystem, the approach the pen test provider takes will differ slightly between them. This is because the potential vulnerabilities that exist at the network layer are different from those at the web app layer, and detecting them requires a different approach.

What does VAPT stand for?

VAPT stands for Vulnerability Assessment and Penetration Testing. Think of VAPT as two different types of testing approaches for vulnerability identification. They each have different approaches and are for different purposes.


Penetration Testing should always follow a manual approach, led by a security professional or ethical hacker who is experienced and accredited. The penetration tester performing the penetration test will attempt to identify vulnerabilities in the underlying target system/s and applications and remain within the boundary of the client-defined scope whilst doing so. To identify vulnerabilities they will use a mixture of techniques and will be assisted by tooling where appropriate to achieve scale and pace. The Penetration Tester will attempt to 'exploit' discovered vulnerabilities in certain cases to evidence their presence and use these exploits as vectors to form a wider attack chain to identify further weaknesses.

Vulnerability Assessment, by comparison, has a heavy reliance on and bias towards tools, typically automated vulnerability scanners that form the basis of the vulnerability assessment. These tools have a list of pre-built checks for known vulnerabilities. Whilst vulnerability assessments tend to get more coverage quickly, they are more prone to both False Positives and False Negatives. They commonly report vulnerabilities that are not present or, more critically, miss real vulnerabilities. Increasing the risk of using Vulnerability Assessments in isolation further is the fact that they cannot find the deep vulnerabilities that can be found by a focused ethical hacker. It is these 'non-specific' vulnerabilities that are often the most critical and are missed by traditional Vulnerability Assessments.

Within an organisation's security control set there is always a balance to be struck, and utilising the benefits of penetration testing and vulnerability assessment as part of a holistic approach can drive value and allow for wider vulnerability identification across an organisation.

How do I perform penetration testing?



To perform penetration testing you should engage with an established and accredited Penetration Testing supplier. Moreover, ensure that you validate the credentials and capabilities of the individual ethical hackers within the pen test company who will perform the actual pentest itself.

If you are new to the field and are curious about performing penetration testing yourself and learning how to pen test, the best starting point is to engage with ethical hackers already in the pen test field, for example by meeting them at community events. There is also a wealth of free resources available on CovertSwarm's website to help you better understand and establish yourself within the pen test industry.


How to pen test a website?

To pen test a website or conduct a web app pen test we recommend engaging with an organisation that specialises in ethical hacking and is certified and accredited to do so. There are specific laws that have to be abided by, and legal contracts must be in place between the ethical hacker and the target organisation to cover all parties involved. The pentest company and their ethical hackers can provide guidance and support, and it is always advisable to ensure they are accredited under schemes such as the Council of Registered Security Testers (CREST), with its Penetration Testing and Simulated Attack and Response (STAR) schemes, which can help provide further quality assurance.


To pen test a website the ethical hacker would typically follow an established and trusted methodology such as that provided by The Open Web Application Security Project (OWASP). OWASP is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the field of web application security. They are most commonly known for their OWASP Top 10 project but have numerous other projects, such as the OWASP Testing Guide, which is often at the core of most ethical hackers' web app pen testing methodologies.

A starting point to pentest a website will often be utilising tools such as Burp Suite but with a wider focus on manually testing the website for vulnerabilities as outlined in the OWASP Top 10 project and OWASP Testing Guide.

How to pen test a mobile app?


Similar to the 'How to pentest a website?' question, ensuring you are engaged with a certified and accredited penetration testing organisation is the key to the success of your mobile app pen test, as is ensuring that the ethical hacker you are working with has specific expertise in the mobile app testing field. As in any domain or discipline, no one person is an expert in every aspect of it. That's where a Swarm approach, such as that used by CovertSwarm, drives real value to your penetration testing program: this sees a blended cyber-attack driven by a diverse team of subject matter experts being delivered for maximum potency, efficacy and value.

A great place to start when pen-testing a mobile app is the OWASP Mobile Security Testing Guide. Typically the mobile app pen tester will start with the mobile app running in a simulated environment and situate their testing environment between the simulator and the APIs the mobile app is communicating with. They are effectively performing a 'man-in-the-middle' attack to intercept and manipulate the data as part of a wider mobile app testing approach. The mobile app pen tester will also look over the local configuration of the application. It is usually advisable that you provide a copy of the underlying mobile app code to your pen test provider to ensure that they can take an 'open book' approach and ultimately thoroughly test your mobile app.

How to pen test an API?

As we explored in 'How to pen test a website?' and 'How to pen test a mobile app?' we always advise that you ensure that the pen test provider for your ethical hacking and pen testing requirement is experienced, certified and accredited.

A great place to start when pen-testing an API is with the OWASP API Security Project.


Understanding the nuances of pen testing an API versus those of a web app pen test or mobile app pen test is key. Ensuring you have a suitable testing (non-production) environment and the associated API schema or documentation available will really help accelerate testing and improve its efficacy.

When pen-testing an API, authentication and authorisation flaws, as well as areas for injection such as SQL injection, should be key testing points of focus.

How to pen test cloud computing environments?

Penetration Testing of a cloud computing environment such as a pen test against Microsoft's Azure Platform, Google's Cloud Platform (GCP) or Amazon's Web Services (AWS) platform is rare unless you are engaged directly with Microsoft, Google or Amazon against their cloud environment. In fact, pen-testing directly against a cloud provider's infrastructure is normally forbidden and may break associated laws.



You are, however, usually permitted to carry out a pen test against your specific deployment upon the cloud environment, for example, the web application, APIs or wider infrastructure you have configured and operate in that vendor's cloud estate. You cannot typically pen test the underlying cloud platform itself, just your environment that is hosted upon it.

A cloud pen test can take the form of a configuration review or cloud best practice audit. This is where the pen test provider and their ethical hackers provide a security audit of the cloud environment, especially how it has been configured/set up. Typically, they will baseline against security best practices for that cloud environment and recommend areas of improvement. This can help mitigate the potential for wider vulnerabilities or misconfiguration that could be used as part of a genuine attack.

How difficult is pen testing?

Like any discipline, pen testing is a skill set that you have to learn, practise and become established in. A skillset needs time to develop, and pen testing is no different. Each pen test project will have a varying degree of difficulty and challenge, but the more pen test projects you deliver and the more experience you have with different environments, the more likely you are to find the most critical vulnerabilities quickly. That said, every single environment is different, and whilst there will be commonalities there will always be variation in attack chain approaches and the way you establish and identify the presence of vulnerabilities.

How long does a pen test take?

The length of a pen test project is dependent on the 'scope' of the engagement's coverage: what's included to be tested. This will detail the assets 'in-scope' for testing and the depth of testing required, along with any limitations or caveats ('rules of engagement').

This will typically be translated into a number of days for a 'point in time' penetration testing project. The simplest test of a single system might be a single day, whereas a project covering a large number of technology assets at various layers across numerous environments may take many months to complete.

What tools are used for pen testing?


Pentest teams will use a mixture of tools, blended heavily with manual penetration testing techniques to establish the presence of vulnerabilities within a target scope. The tools used will also be dependent on what is being tested.


Some of the most common tools include:

Burp Suite

From PortSwigger, Burp Suite is a key tool for anyone testing Web Applications, APIs or wider apps. Burp Suite's "Professional" licence (vs. "Community") contains a full scanning suite for applications. It also contains proxy capabilities, the ability to rapidly repeat requests and perform fuzzing at scale.


Nmap

Nmap ("Network Mapper") is a free and open-source utility for network discovery and security auditing. Nmap enables scanning of networks at scale to identify ports, services and, with its scripting engine, vulnerabilities. This tool can quickly allow a pen tester to identify potentially vulnerable services.


Metasploit

A collaboration between the open-source community and Rapid7, Metasploit is the world's most used penetration testing framework and is normally found at the core of any pen tester's toolset.


Kali Linux

Finally, Kali Linux is a Linux distribution filled with various Pen Test tools and is often the starting point for testers who often go on to create their own environments and compile tools for their unique needs.

Which OS is most powerful for pen testing or hacking?

There is no such thing as 'the most powerful' OS (operating system) for pen testing or hacking. The simple answer is to use whatever you have a preference for and expertise with. It is also worthwhile to become familiar with an array of operating systems. Not only will this help you to better pen test a mixture of systems, but there are also some toolsets and techniques that need to be run from a specific operating system or are only compatible with certain platforms.

What makes Linux systems more appropriate for pen testing?

There is a common misconception in the industry that Linux systems are in some way more appropriate or 'better' for performing pen-testing. This is not the case. Whilst there are pen testers who will use a Linux distribution as their main operating system, others will use a Windows-based system. With modern virtualisation capabilities, it's simple to build out other systems with different operating systems from a main 'host' operating system. This also allows you to use different approaches and toolsets from the same underlying hardware.

Which programming languages are best for doing pen testing?

There is no specific 'best' programming language for pen-testing. Work with whatever you prefer or where your expertise has been built upon. That said, a common favourite within the Pen Test community is Python.

Is it possible to automate the full process of penetration testing?

No. It is not possible to automate all penetration testing processes. Vendors that sell 'Automated Penetration Testing' services are typically just doing Vulnerability Assessments. Whilst pen testers can bring various efficiencies to their work, the value in a penetration test is that of the ethical hacker's skillset. An ethical hacker delivering a penetration test should always go far beyond an automated scan or Vulnerability Assessment.

An ethical hacker will drive efficiencies and automate elements of their process and techniques but only so much can be done. Automation can help the pen tester dive deeper than others who haven't driven efficiencies into their processes.

What are pen testing services?


Pen Testing is a service you procure where an ethical hacker is employed to 'test' a target scope, for example, a Web Application or Infrastructure IP range, in order to identify cyber vulnerabilities and weaknesses that it contains which may lead to compromise by a malicious hacker.


Penetration testing services explained

Employing the services of a penetration testing organisation isn't without risk as their methods of scanning, probing and researching technologies can in rare cases lead to system performance or availability being compromised due to the unexpected behaviours of the assets being tested. Experienced pentesters will agree 'rules of engagement' with the client in advance of their tests commencing to ensure that they treat critical infrastructure with extreme care, remain readily available to answer client questions, and will understand how to approach the testing using tools and techniques in a way that reduces the risk of unwanted test-related impact.

Most reputable penetration testers are highly certified and have accreditation under CREST, TigerScheme, CyberScheme and/or Offensive Security which provides a level of assurance to their clients that they have been rated to a high degree of hands-on offensive cyber and information security skill.

At the end of a pen test, a report is produced that details the cyber vulnerabilities detected within each asset of the scope, as well as their severity - normally to a 'CVSS' rating - in order to help the business to understand the priority with which they should address the findings as part of their post-test remediation work.


The penetration test is often provided by a company that provides pen test services accredited under a scheme such as the Council of Registered Security Testers (CREST).

Pen testing services come in many forms: for example, you can procure Web Application Penetration Testing; Infrastructure Penetration Testing; API Penetration Testing, and many other forms.

Typically the pen tests are 'point in time' and the output from the pen test will be a PDF or Excel-based report which contains a list of findings and vulnerabilities as well as a summary of the overall pen test activity.

Why employ network security professionals?

You would employ network security professionals to help support, improve, defend and test your network security.

Network security professionals can either be employed directly by your organisation or through a third-party services vendor, such as a pen-testing consultancy. The skillsets of network security professionals typically vary greatly. Skillsets can include:

  • pen testing

  • red teaming

  • blue teaming

  • cyber incident response

  • governance

  • risk; compliance

  • offensive security

What is a pen test report?

A pen test report is a document provided and presented by the Penetration Testing provider at the end of their pentest engagement.

The report should contain an executive or management summary; details of all findings; and technical information relating to the vulnerabilities.

Some vendors will offer different types of reports: for example, a 'Management Report' and a 'Technical Report', whereas others may separate reporting into 'Noise' and 'Breach'. The 'Breach' report details an actual (proven) attack chain that has led to a point of compromise, and the 'Noise' report contains wider details of vulnerabilities which, whilst they should be remediated, don't necessarily lead to a direct point of compromise. Reducing noise can help you improve your overall security posture and raise the security bar.

How much does a pen test cost?

The cost of a penetration test is directly linked to the scope of the project i.e. what is included in the pen test.

Penetration Test providers usually provide their services at a day rate and will then assign a number of days to complete the agreed scope which in turn will provide an overall pen test cost.

Organisations will agree on the scope with the pen test provider ahead of pen test commencement. The scope itself could be an asset that the organisation wants to be pen tested: for example, the scope could be a pen test of a single 'brochureware' website; or of an infrastructure range; an internal penetration test; a build review pen test; or a simulated cyber attack.

As pen test services continue to modernise, pen test vendors are starting to move more towards subscription models or outcome-based service delivery where a fixed monthly cost will be provided over the more traditional pen test with a client-limited scope and day rate.

Which company provides the best penetration testing services?

There is no one company that will provide the best penetration testing services. You need to take a view of the pen test company as a whole, their areas of pen test specialisation as well as their credentials and accreditation.

Also, look at the capabilities and skillsets of their pen-testers as well as their personal accreditations and certifications.

Evaluating both the pen test company and their pen testers will give you the insight to evaluate both against the requirements of your pen test and if they can provide the best penetration testing services for your pen test requirement. Areas to consider should include:

  1. Is the Pen Test company accredited for Penetration Testing services under CREST?

  2. Does the Pen Test company have any other Pen Test and Red Teaming certifications, such as CREST Simulated Attack and Response (STAR)?

  3. What are the capabilities of the Pen Test company and who have they previously worked with in your sector, including what references can they provide for the pen tests?

  4. Who are their people and what previous experience do they have as pen testers? What projects have they worked on and what research have they conducted? What breaches have they performed?

  5. Is the pen test company offering the traditional 'legacy' and 'point in time' penetration test or something that more closely replicates that of real-world malicious hackers?

Career expectations


How to get into pen testing?

If you want to get into pen-testing the best place to start is by approaching the pen test community. Cybersecurity, not least pen testing, has one of the richest communities of any industry. Online resources are plentiful. Get involved in local meetups and events in your area.


Local pen test events are one of the best ways to meet fellow pen testers of all levels of expertise and experience.

https://infosec-conferences.com is a great website that lists virtual Cybersecurity conferences and virtual hacking events (Worldwide).

Get in contact with pen test companies, such as CovertSwarm and start a conversation. At the very least they will be able to point you in the right direction. Also reach out to organisations such as CREST who have numerous initiatives to help future pen testers break into the pen test industry, but also wider areas of cybersecurity outside of pen-testing. Other resources such as courses, labs and exams offered by Offensive Security should also be considered, as well as the content and labs provided by Hack The Box.

What does a pen tester do?

A pen tester is an individual who performs penetration tests. Some companies provide automated penetration testing services; however, these are typically closer to a Vulnerability Assessment, where an automated scanner with a list of pre-defined checks is run against a target. Penetration tests should always be manually led by a pen tester, and it is the skill, expertise, knowledge and experience of a pen tester that will ensure a high-quality output from your penetration test.

An effective pen tester should deliver all aspects of the pen test: from confirming scope; to enumeration; to vulnerability identification; exploitation; and reporting.

Pen testers typically have a range of skill sets, from Web App Pen Testing; Infrastructure Pen Testing; API Pen Testing; and Mobile App Pen Testing, but will often specialise in a specific area: for example, you may become a specialist in one pen test discipline or specific niche such as pen testing a cryptographic deployment, code review or becoming specialised in red teaming (more commonly known as 'simulated cyber attack').

Is pen testing a good career?

CovertSwarm will have a bias here, especially as our very first value is that "We are passionate about constantly compromising client security". Therefore, in short, yes, pen testing is a GREAT career.

As a pentester at CovertSwarm, you get to work with the world's most progressive brands and constantly compromise them. What could be better than that? Want to know more about why pen testing is a good career? Then just take a look at our culture and openings.

Is pen-testing difficult?

Like anything, not least cybersecurity, with ethical hacking and pen testing the more you do something, the more you practice, the more you learn and the easier it will become. Pen testing will be hard for anyone that does not have a related background or expertise in assisting a pen tester or has never attempted to perform a pen test before.

As you develop your skills as a pen tester and learn the craft of penetration testing it will become more familiar, and less difficult.

As a cybersecurity discipline, there are many aspects to pen testing, with most pen testers developing expertise in specific areas: whether that be Web App Pen Testing; API Pen Testing; Infrastructure Pen Testing; Code Reviews; or another pen test area.

Learning requirements


How to learn penetration testing?

To learn penetration testing, we advise you to learn by doing. Set up systems, web applications and services in a lab environment entirely under your control and explore how to pentest them. You can also purposely make them vulnerable to known exploits and attack vectors so as to further scale your pen test skillset and experience.

As an industry, we are fortunate that there is a wealth of resources available online to help teach pen-testing. Some examples include:

  1. PenTester Lab

  2. Pen Test Academy

  3. Hack The Box

  4. Offensive Security

  5. Udemy

When learning, always ensure that you are operating in your own pen test environment, typically in a lab that is operated in full by you or one that you have the owner's permission to work within. Never, under any circumstances, attempt to pentest an organisation directly unless you have been permitted to do so and with an appropriate pen test contract in place to protect both parties: this is always something that would be arranged by the pen test company that you work for.

Another great way to learn penetration testing is to get involved within the pen test community itself and to speak to others within cybersecurity, specifically those who are pen testers. We're a friendly group of people who read, study, listen, present, teach and give back to the cyber community from which we all draw and benefit.

Do you need a degree to be a pentester?

No, a degree is not required to be a pentester. At the time of writing, there is no degree that specifically covers the deep role of a pentester. There are degrees that cover elements of pen testing, but they also cover wider information security and cybersecurity. Pen testing is one of many specialisms of cybersecurity, not least the information security industry.

Pen testing is a skillset in its own right, so whilst the skills taught as elements included within a degree can help, a degree is not necessary to become an effective pen tester.

How to gain practical experience with pen testing without a job in cyber security?

You don't have to have a job in cyber security to become a pentester, nor training to be a pentester. The key is to gain practical experience with pen testing from those in the role and/or the community.

As an early-entrant pen tester, the key is to already possess a strong foundational knowledge of at least one technical discipline: for example, some of the strongest pen testers are those that have been web application developers; infrastructure engineers; solutions architects; or come from other fields within information technology as subject matter experts.

Another way to gain some practical expertise is to look for Junior Penetration Test job openings as these roles typically have a fast-tracked learning path to becoming a Pen Tester, Red Teamer or Offensive Security Engineer.

How to become a physical pen tester?

A physical pen tester is someone who specialises in delivering pen tests against physical locations, such as office buildings, data centres or warehouses. They are often experts in human social engineering and will use various techniques, not least impersonating other employees, to gain access to physical locations.

There are pen testers who only perform physical penetration tests. Some pen tests require both physical pen testers and more technology-orientated pen testers, covering areas such as Web Application Pen Testing; API Pen Testing; and Infrastructure Penetration Testing.

To become a physical pen tester, look for roles and job openings that include the area of 'Social Engineering' as part of the role's responsibilities. Not all pen test providers will offer physical pen tests as they don't necessarily have the pen testers with these skillsets.

How to gain practical skills


How can I practice pen-testing safely?

Create your own pentest lab that is local to your infrastructure, isolated from non-infrastructure networks, and fully under your control. This is by far the best way to practise pen-testing safely. This would typically be created on your local home network or within a virtualised environment on your host machine.

There are also online platforms, such as Hack The Box and Offensive Security that offer penetration test training as well as pen testing labs where you can practice safely.

Can you work from home as a penetration tester?

Absolutely! You can work from home as a penetration tester. In fact, even before the COVID-19 pandemic, it was (and continues to be) common for penetration testers to work from home. Unless a penetration test requires you to be onsite - for example for an internal network penetration test that can't be performed remotely - the penetration test can be performed from anywhere in the world.

At CovertSwarm we have penetration testers spread across the planet, including the UK and wider Europe. All of our penetration testers work remotely and come together once a quarter for our regular SwarmCon event as well as DEF CON in the USA.

Salary expectations


How much do pen testers earn?

Pen testers, as with most professionals, earn a salary in accordance with their skills and experience. Entry-level penetration tester positions typically start anywhere between £25-35K, with salaries rising from there as you progress.

Have more questions?

Speak to us today and we will happily answer any additional questions you have, whilst also providing you some deeper insight into CovertSwarm’s Constant Cyber Attack service.
