top of page
cyber_edited.jpg

Technical Testing & Assurance

SALTT Tech delivers industry-leading technical testing and assurance services through our all-on-shore local team of CREST-certified penetration testers. Protect your digital assets from cyber compromise by rigorously testing them with SALTT Tech. Our technical assurance services go well beyond basic vulnerability scanning, deeply analysing the design, configuration and logic of your systems to identify real, exploitable attack paths an adversary could use against your organisation.

​

What makes SALTT Tech technical assurance unique:

  • All-on-shore, CREST-certified team of penetration testers

  • Engineers first: our consultants are software and systems developers at heart, with deep hands-on experience across applications, infrastructure and cloud

  • Beyond simple scanning: we move past basic vulnerability scans or checkbox testing and thoroughly assess business logic, configurations and integration points

  • Real-world mindset: testing is performed using current attacker tools, techniques and procedures (TTPs) to reflect genuine threats

 

SALTT Tech offers the following offensive security capabilities and penetration tests: 

​

​

Our Certifications​

​

​​

​

​

​

​

​​​​​​​​​​

 

 

 

 

 

 

 

​

CREST-CRT-CZtG8iLG.png

CREST CRT

GIAC-GPEN-BRMvpTQN.png

GIAC GWAPT

CREST-CPSA-DLA2nahJ.png

CREST CPSA

GIAC-GWAPT-CSn-Dgzr.png

GIAC GPEN

HTB-CPTS-BsvLBRB8.png

HTB Certified Tester

GIAC-GWAPT-CSn-Dgzr.png

GIAC GAWN

cyber.jpeg

Web Application & API Testing

Attackers increasingly target web applications and APIs as their primary path into an organisation. Flaws in authentication, authorisation, business logic or input handling can expose sensitive data and enable full account or system compromise. Web Application & API Penetration Testing simulates these attacks to uncover real, exploitable issues before they impact your customers or reputation.

 

What is Web Application & API Penetration Testing?

Web Application & API testing focuses on the security of:

​

  • Customer-facing and internal web applications

  • REST, GraphQL and other APIs (including mobile backends)

  • Single Page Applications (SPAs) and rich front-ends

  • Authentication and authorisation flows (SSO, OAuth/OIDC, MFA)

 

SALTT Tech tests how an attacker – with or without valid credentials – can interact with your apps and APIs to gain unauthorised access, manipulate data or bypass business rules.

​​​​

​

How SALTT Tech Tests Your Web Application & API Environment

Our testing goes well beyond simple automated scanning. We combine specialised tooling with deep engineering expertise to understand how your application is designed to work – and then test how it can be made to misbehave. Typical activities include:

​

  • Assessing authentication, session management and access control (including horizontal/vertical privilege escalation)

  • Testing for injection flaws (SQL, NoSQL, command, template, ORM and others)

  • Identifying insecure direct object references (IDOR) and broken object-level authorisation

  • Reviewing input validation, output encoding and error handling

  • Evaluating business logic for abuse scenarios (e.g. bypassing workflows, abusing discounts, manipulating balances or limits)

  • Testing APIs for insecure endpoints, overly permissive responses and missing controls

​

We align with and extend beyond the OWASP Top 10, focusing on how real attackers chain issues together into a meaningful impact on your business.

 


How Often Should Web Application & API Testing Be Done?

We recommend Web Application & API Penetration Testing:

​

  • At least annually for key applications and APIs

  • Before major releases or go-lives for new or significantly changed functionality

​

After significant architectural changes (e.g. new auth flows, API gateways, microservices migrations)

External Infrastructure Testing

Threat actors are constantly scanning the internet for weaknesses they can use to steal data, disrupt systems, or damage your organisation’s reputation. External infrastructure penetration testing mirrors the tools, tactics and mindset of real attackers to uncover those weaknesses before they do.

​

What is External Infrastructure Penetration Testing?

External penetration testing focuses on internet-facing systems, anything reachable from the public internet, such as:

​

  • Websites and web applications

  • Email servers

  • VPN gateways and remote access portals

  • Other services reachable via public IP addresses

​

By simulating a malicious attacker operating from the internet, SALTT Tech assesses how exposed your organisation really is and what an attacker could do if your business were targeted.

​​​​

​

How SALTT Tech Tests Your External Infrastructure Environment

Our external testing combines automated scanning with deep manual analysis to identify and validate real-world attack paths. Typical activities include:

​

  • Identifying firewall and network access misconfigurations

  • Discovering and verifying unpatched or poorly configured services

  • Finding and attempting to access administrative interfaces and management portals

  • Applying standard attacker techniques to chain issues into practical compromise scenarios

 

The objective is to map out how a remote attacker could gain a foothold in your environment, and what impact that compromise might have.

​​

​

How Often Should External Infrastructure Testing Be Done?

We recommend conducting External Infrastructure Penetration Testing at least annually, and whenever you make significant changes to internet-facing systems or services (for example, launching a new website, migrating email, or deploying new remote access solutions).

cyber.jpeg

Internal Infrastructure Testing

Threat actors don’t just attack from the internet; they also target what’s inside your network. Stolen credentials, misconfigured VPNs, malware, or even a malicious insider can all provide an attacker with a foothold in your internal environment. Internal infrastructure penetration testing simulates this scenario, using the tools, techniques, and mindset of a real adversary to uncover weaknesses before they are exploited.​

​

What is Internal Infrastructure Penetration Testing?

Internal penetration testing focuses on systems and services accessible from inside your network, such as:

​

  • On-premises and cloud-connected servers

  • Workstations and laptops

  • Active Directory and identity services

  • Network devices (switches, routers, firewalls, wireless controllers)

  • Internal web applications, file shares and databases

  • Wi-Fi and internal management interfaces

 

SALTT Tech simulates an attacker who has gained internal access, for example, via phishing, a compromised VPN account, a rogue device on the LAN, or a malicious insider, and assesses how far they could move and what they could compromise.

​​​​

​

How SALTT Tech Tests Your Internal Infrastructure Environment

Our internal infrastructure testing blends automated tools with hands-on, engineering-led analysis to uncover realistic attack paths. Typical activities include:

​

  • Enumerating domains, users, groups, hosts and services

  • Identifying and validating unpatched vulnerabilities and insecure configurations

  • Assessing Active Directory and identity weaknesses (e.g. excessive privileges, weak controls)

  • Evaluating network segmentation and the ability to pivot between environments

  • Locating and attempting to access sensitive data stores and administrative interfaces

 

The goal is to map how an attacker could move laterally from an initial foothold to your “crown jewels” – and what controls fail or succeed along the way.

 


How Often Should Internal Infrastructure Testing Be Done?

We recommend performing Internal Infrastructure Penetration Testing at least annually, and additionally:

​

  • After significant infrastructure changes (e.g. major AD changes, network redesigns, mergers which incorporate domain trusts, on-prem to cloud migrations)

  • After the rollout of key internal systems or identity platforms

  • Following significant security incidents to validate improvements

cyber_edited.jpg

Wi-Fi/Wireless Testing

Attackers increasingly target wireless networks as an easy way to bypass your perimeter. Weak Wi-Fi configurations, flawed authentication, or insecure guest networks can give an adversary direct access to your internal environment, sometimes without even entering the building. Wi-Fi/Wireless penetration testing simulates those attacks to identify and fix weaknesses before they’re exploited.

​

What is Wi-Fi/Wireless Penetration Testing?

Wi-Fi/Wireless penetration testing focuses on the security of your wireless infrastructure, including:

​

  • Corporate Wi-Fi networks (staff SSIDs)

  • Guest and BYOD networks

  • IoT and operational technology (OT) wireless networks

  • Wireless controllers, access points and related infrastructure

 

SALTT Tech tests whether an attacker within radio range, outside your office, in a shared tenancy space, or in a nearby public area, can gain unauthorised access to your network or data.

​​​​

​

How SALTT Tech Tests Your Wi-Fi/Wireless Networks

Our wireless testing combines specialised tooling with deep engineering expertise to assess the real-world resilience of your Wi-Fi. Typical activities include:

​

  • Identifying and mapping SSIDs, access points and wireless topologies

  • Assessing authentication and encryption (e.g. WPA2/WPA3, 802.1X, PSKs, captive portals)

  • Testing for weak or shared credentials, poorly secured guest/contractor networks and rogue access points

  • Evaluating segmentation between wireless networks and internal systems

  • Attempting to pivot from wireless access into internal infrastructure and sensitive systems

​

The goal is to understand what an attacker can do once they can “hear” your wireless networks, and how effectively your controls prevent misuse.

 


How Often Should Wi-Fi/Wireless Testing Be Done?

We recommend performing Wi-Fi/Wireless penetration testing:

​

  • At least annually

  • Whenever you deploy or significantly change wireless infrastructure (new SSIDs, new controller, major office fit-out or relocation)

  • When opening new sites, branches or shared office locations

cyber.jpeg

Retail Store Testing

Modern retail stores are packed with technology, POS terminals, Wi-Fi, tablets, kiosks, cameras, IoT devices and back-of-house systems all connected to the head office and cloud platforms. If these aren’t secured properly, an attacker can use a single store as a low-friction entry point to your entire retail network. Retail Store Testing simulates those real-world scenarios so you can fix weaknesses before they impact customers, payments or brand.

​

What is Retail Store Penetration Testing?

Retail Store Testing focuses on the security of the technology operating in and around your physical stores, including:

​

  • Point-of-Sale (POS) terminals and payment infrastructure

  • In-store networks and switching

  • In-store Wi-Fi (corporate, guest and vendor SSIDs)

  • Store tablets, handhelds, kiosks and self-service devices

  • Connected IoT/OT devices (e.g. digital signage, cameras, sensors)

​

SALTT Tech simulates an attacker who has gained a foothold from inside or near the store (e.g. on guest Wi-Fi, via a misconfigured switch port, or through an exposed device) and assesses how far they can go and what impact they can cause.

​​​​

​

How SALTT Tech Tests Your Retail Store Environment

Our retail store testing combines infrastructure, wireless and application testing into a single, store-centric engagement. Typical activities include:

​

  • Mapping store network architecture, segments and routes back to corporate environments

  • Testing in-store Wi-Fi security, authentication and isolation

  • Evaluating POS terminals and supporting systems for configuration and hardening issues

  • Reviewing store endpoints (PCs, tablets, handhelds) for local attack paths and lateral movement

  • Identifying ways an attacker could pivot from a single store to head office or cloud systems

 

The aim is to understand what happens if a store is treated as an “easy entry point” and how well your controls prevent that scenario from becoming a major incident.

 


How Often Should Retail Store Testing Be Done?

We recommend performing Retail Store Testing:

​

  • At least annually across a representative sample of store types

  • When rolling out new store formats, new POS platforms, or major network/architecture changes

​

Testing representative stores (e.g. flagship, standard, kiosk/pop-up, franchise) helps you validate patterns and apply fixes at scale.

cyber_edited.jpg

Physical Security Testing

​Modern attackers don’t just target networks and applications – they also look for weaknesses in your physical environment. An unattended door, weak visitor controls, or poorly protected secure areas can provide a direct path to sensitive systems and data. Physical Security Testing simulates those real-world scenarios so you can understand and improve how well your buildings and sites are protected.

​

What is Physical Security Penetration Testing?

Physical Security Testing focuses on how effectively your sites and facilities prevent unauthorised access, including:

​

  • Corporate offices and campuses

  • Data centres and comms rooms

  • Retail stores, warehouses and depots

  • High-value or sensitive areas (e.g. secure labs, finance areas, records storage)

​

SALTT Tech simulates an attacker attempting to gain physical access to your environment – for example, as a visitor, contractor, or opportunistic intruder – and assesses what they can reach and what controls stand in their way.

​​​​

​

How SALTT Tech Tests Your Physical Security Environment

Our testing combines observation, controlled intrusion attempts, and process review to assess real-world resilience. Typical activities (agreed and pre-approved with you) include:

​

  • Assessing perimeter controls (doors, gates, access points) and site layout

  • Testing access control processes (badges, visitor management, escorting, reception controls)

  • Evaluating how easily secure areas (e.g. server racks, document storage) can be reached

  • Checking how sensitive information and assets are stored, labelled and disposed of

​

The aim is not to “beat” your people, but to demonstrate realistic scenarios that highlight strengths, gaps and improvement opportunities.

 


How Often Should Physical Security Testing Be Done?

We recommend conducting Physical Security Testing:

​

  • At least every 1–2 years for key locations

  • When opening new offices, stores, data centres or warehouses

  • After major changes to access control systems, building layouts or security procedures

​

Testing a representative sample of sites (e.g. HQ, regional office, flagship store, warehouse) provides coverage while allowing improvements to be rolled out consistently.

cyber_edited.jpg

Red Team Testing

Sophisticated attackers don’t think in silos – they combine phishing, web exploits, misconfigurations, wireless access and sometimes physical intrusion to achieve their goals. Red Team Testing replicates this style of targeted, multi-vector attack so you can understand how your defences, monitoring and response really perform under pressure.

​

What is Red Team Testing?

Red Team Testing is an objective-driven adversary simulation. Instead of asking “what vulnerabilities exist?”, it asks:

​

“Can a realistic attacker achieve these specific goals against our organisation?”

 

Typical objectives might include:

  • Gaining access to sensitive data or critical systems

  • Achieving domain or cloud tenant administrative control

  • Compromising a high-value application or business process

  • Demonstrating how a real-world ransomware or data theft scenario could unfold

 

SALTT Tech plays the role of a determined attacker, using realistic tactics, techniques and procedures (TTPs) to reach agreed objectives while operating within clearly defined rules of engagement.

​​​​

​

How SALTT Tech Runs a Red Team Engagement?

Our Red Team Testing brings together multiple disciplines – infrastructure, web & API, wireless, endpoint and sometimes physical & social engineering – into a single coordinated campaign. Depending on the scope, this may include:

​

  • Open-source intelligence (OSINT) to profile staff, technologies and exposed assets

  • Targeted phishing and credential attacks (within agreed limits)

  • Exploitation of external and internal systems to gain and expand footholds

  • Abuse of misconfigurations and weak identity controls (AD, Entra ID/Azure AD, SSO, VPN, MFA gaps)

  • Wireless and on-premise attack paths (where in-scope)

  • Carefully controlled physical testing, if agreed, to simulate on-site attackers

 

Equally important, we assess how well your people, processes and technology detect and respond to these activities – not just whether the attack is technically possible.

 


How Often Should Red Team Testing Be Done?

Red Team Testing is deeper and broader than standard penetration testing, so it is usually performed:

​

  • Every 1–2 years for organisations with mature security controls, or

  • After major changes to architecture, critical platforms or SOC/monitoring capability

bottom of page