Penetration Testing & Vulnerability Assessment
Findings you can act on, not a scan report dressed up as a pen test.
The conflation problem
Three different things get called "penetration testing" by people selling them:
An automated tool scans your environment for known vulnerabilities. Useful, cheap, and necessary. Not a penetration test.
A vulnerability scan plus human analysis to validate, contextualize, and prioritize the findings. Better. Still not a penetration test.
A human attacker, working under defined rules of engagement, attempts to compromise your environment using the same techniques real adversaries use. A penetration test produces evidence of exploitable weaknesses, not theoretical risk.
VALO performs all three. The deliverable, scope, and price differ significantly. We'll help you understand which one you actually need.
VALO's pen testing methodology
Our methodology is aligned to the Penetration Testing Execution Standard (PTES) and NIST SP 800-115. Every engagement follows seven phases:
Test types offered
Internet-facing infrastructure, VPNs, remote access, email gateways, web-facing services.
Lateral movement, privilege escalation, and impact assessment from a foothold inside the environment.
Aligned to OWASP Top 10 and ASVS. Authentication, authorization, input validation, business logic, and session management.
Targeted phishing campaigns with metrics on click rates, credential capture, and downstream compromise potential.
Azure, AWS, or Google Cloud configuration review against CIS Benchmarks and platform best practices.
VALO performs pen testing for SMB and mid-market scopes. Red team engagements (full-scope adversary emulation, multi-month campaigns, physical and electronic combined operations) are out of our current scope. If that's what you need, we'll refer you to a firm that specializes in red team work.
Pricing is engagement-specific and depends on test type, scope (number of in-scope assets, applications, or users), depth of exploitation required, and reporting needs. A small external network test and a full internal-plus-web-application engagement are very different work. We'll discuss it during a scoping call so the number you hear reflects your actual scope, not a generic rate card.
Schedule a scoping conversation.
We'll help you identify the right test type, define scope, and set expectations for the engagement and deliverables.