Tried, Tested and Proven

Test Your Security

Portcullis offers a variety of services to test your security. Penetration testing, security testing, vulnerability assessments and the associated services such as build Test Your Securityreviews or host based audits, are the areas in which we have developed our expertise and gained recognition.

For more than 20 years, Portcullis has very much grown with the field. The company has been conducting ‘ethical hacking’ projects since the early 90s, before they were considered commonplace, and we continue to challenge conventions, tackle new technologies and do everything required to remain a leader in this evolving industry.

Our wide range of skills and expertise enable Portcullis to thoroughly assess your security, making use of both the most recent advances in the field, and all of the major technologies, platforms and languages of the past 30 years. Regarding the bespoke, the unusual and new innovations; we have a tried and tested process for identifying potential attack vectors and developing the best methodology, tools and skills required to complete testing to the highest industry standards.

Portcullis is a subscriber to the CESG CHECK scheme, a member of CREST and can complete tests under the auspices of both schemes.


CESG’s CHECK was instigated to ensure that sensitive government networks and those constituting the GSI (Government Secure Intranet) and CNI (Critical National Infrastructure) were secured and tested to a consistently high level. In the absence of a suitable alternative, CHECK has become the de-facto standard for penetration testing in the UK; mainly due to the rigorous certification process. Whilst effective, it can be somewhat limited as it only concentrates on infrastructure testing and not application testing. As a CHECK service provider, we are permitted to work on systems processing information with a protective marking up to and including CONFIDENTIAL and also SECRET.

CREST (Council of Registered Ethical Security Testers)

CREST was created in response to the need for regulated and professional security testers to serve the global information security marketplace.

CREST is a standards-based organisation for penetration test suppliers incorporating a best practice technical certification programme for individual consultants. Additionally CREST provides its members with a framework of guidance, including standards, methodologies and recommendations, aimed at ensuring the very highest standards of cutting-edge security testing. CREST is also the only scheme in the UK which can provide assurances of suitable application testing skills.

PCI DSS scheme

Portcullis is an Approved Scanning Vendor (ASV) within the PCI DSS scheme. We supply scanning and penetration testing services to companies seeking compliance with the PCI DSS, which was developed by members of the PCI Security Standards Council (including Visa, Mastercard, JCB, Discover Financial Services and American Express) with the aim of applying consistent data security measures to card payment accounts across the globe.

These schemes are crucial considerations to take into account when selecting suppliers. However, once working with us, it is our relationship building, flexibility, commitment to high technical standards and clear reporting that ensure long-standing, professional relationships.

Why Test Your Security?

  • To execute a real-world attack on infrastructure and understand the level of risk that exists at a single moment in time.
  • To better identify and validate all security vulnerabilities associated with your Internet-facing environment.
  • To understand the level of risk facing your organisation in comparison with similar companies.

Download Portcullis Testing Brochure Here