In a market full of generic promises, we test your systems with the knowledge of engineers who grew up between patch panels and server rooms.
ISO 27001
ISO 9001
We understand the gap between security on paper and the real-world complexity of IT landscapes. Having Neo Security perform a penetration test? We understand your context and deliver quality.
A penetration test simulates a targeted cyber attack on your IT systems at the network and/or application layer. A pentest is carried out by ethical hackers who use the same tools and techniques as real attackers. Where many providers stop at automated scans and dress up the report, we think like attackers.
Our approach differs because we understand the systems we test. We bring years of experience in designing and managing Active Directory environments, complex networks and critical infrastructure. This hands-on experience is what makes the difference between simple checks and real security research; we read in and understand your context.
A penetration test gives you insight into your actual security posture, not just what is formally documented. You receive a clear overview of risks, ranked by business impact. In addition, a pentest provides your IT team with valuable security insights that can be applied directly in the development and design of systems.
"A vulnerability is only a risk when you understand the business context. An open port is interesting, but a method to cancel orders is a real problem."
Pepijn van der Stap, Offensive Security Lead
We understand that every organisation is unique. A vulnerability in your production environment has different implications than the same vulnerability in your test environment. Our experts analyse not only technical risks, but also the business context and operational impact.
A pentest gives you insight into your actual security posture, not just what is formally documented. You receive a clear overview of risks, ranked by business impact. A pentest also provides your IT team with valuable security insights directly applicable in system development and design. This increases your ability to recognise future attacks in time. A penetration test is a knowledge-intensive investment that makes your organisation demonstrably more resilient against real cyber threats.
Depending on your situation and objectives, we choose the right testing approach
We carry out the attack without any prior knowledge or accounts on a system, just as an external hacker would. We attempt to gain a foothold and then move further into the environment.
We carry out the attack with limited information, as a disgruntled employee or compromised account would have. We simulate the most realistic scenario where an attacker already has some access and tries to escalate to higher privileges and more systems.
With full access to source code and documentation, we analyse all potential vulnerabilities from the inside out. We combine this with black box and grey box techniques for a complete security assessment.
Real-time collaboration between our testers and your development team. We share findings directly while testing so your team can learn from the vulnerabilities and we support you in improving your code and policies.
We test both internal and external network infrastructure. Our approach includes lateral movement, privilege escalation, and verification of the effectiveness of your network segmentation.
We test your business logic and processes for security. In-depth testing of your critical applications based on the OWASP ASVS framework.
Modern applications are API-driven. We test REST, GraphQL, SOAP and Firebase APIs for authentication, authorization, data validation and business logic flaws.
NEN 7510 penetration tests help demonstrate that your healthcare organisation meets the highest requirements for securing medical and patient data.
Our ISO 27001 penetration tests validate your ISMS in practice and support (re)certification and continuous improvement of your security measures.
Supports compliance with the Baseline Informatiebeveiliging Overheid (BIO) and protects sensitive government information against misuse and data breaches.
PCI-DSS penetration tests evaluate your environment against the Payment Card Industry Data Security Standard and protect cardholder and transaction data.
Your organisation is unique and works with systems specific to you. That is why you receive a pentest methodology tailored to your situation, not a generic setup.
From a background of deep IT infrastructure expertise, we see where digital risks arise. Our pentesters are real technicians who learn daily. With years of hands-on experience we know exactly where administrators make mistakes, where migrations leave doors open and which attack vectors are most effective.
Technical vulnerabilities only gain real meaning in the context of your business operations. We analyse not only what can go wrong, but also the impact on your daily operations, customers and revenue. You always receive informative or positive findings from us as well.
You get clear steps to move from root cause to concrete actions that actually solve the problem. Stuck? We are always reachable.
Have you implemented our recommendations? We will then test free of charge whether the vulnerabilities have been properly resolved. This retest is included in the quote. You can always reach us during implementation with questions.
Want to know what a penetration test can do for your organisation? We always start with a no-obligation conversation to discuss your specific situation and requirements. This results in a tailored proposal with no hidden costs. There is no commitment, and you immediately receive valuable advice.