Our Approach

How We Test: A Structured, Transparent Approach

Our penetration testing methodology is built on industry standards — OWASP, PTES, and NIST — combined with real-world attacker techniques. Here's exactly how we work.

Not all penetration tests are equal. Some firms run an automated scanner, wrap the output in a branded PDF, and call it a pen test. That's not what we do. Every XASPRO engagement follows a structured, manual-first methodology.

// Methodology

6-Phase Testing Process

01

Reconnaissance

We gather information about your target systems the same way an attacker would — before touching a single endpoint.

Activities

  • Domain and subdomain enumeration
  • Technology fingerprinting
  • Public information gathering (DNS, WHOIS, certificate transparency)
  • Identifying exposed services and entry points

Tools

Subfinder, Amass, Wappalyzer, Shodan

02

Scanning & Enumeration

We actively probe your systems to identify services, endpoints, and potential weaknesses.

Activities

  • Port scanning and service identification
  • Web application crawling and endpoint discovery
  • API endpoint enumeration (including undocumented endpoints)
  • Mapping application functionality and user roles

Tools

Nmap, Burp Suite Professional, Gobuster, ffuf

03

Vulnerability Discovery

The core of the engagement. We systematically test every component using manual techniques and targeted tools.

Activities

  • OWASP Top 10 testing (all categories)
  • Authentication and session management testing
  • Authorisation and access control testing
  • Business logic testing
  • API-specific testing (BOLA, i.e. broken object level authorisation; mass assignment; missing or bypassable rate limiting)

Tools

Burp Suite Professional, SQLMap, custom scripts
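The two API-specific checks named above, BOLA and mass assignment, are easiest to understand as a vulnerable handler next to its hardened form, together with the probe a tester runs to confirm the bug. The following is an added illustration, not XASPRO's tooling or any client's code: the users, tokens, orders and handlers are constructed for the example, and in a real engagement the `get_order`/`update` callables passed to the probes would wrap HTTP requests that swap the Authorization header between two test accounts.

```python
"""BOLA and mass-assignment checks (added example; constructed fixtures)."""
import copy

# Constructed fixture: two tenants, one order each, bearer tokens for both.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}          # token -> username
ORDERS = {101: {"owner": "alice", "total": 42.00},
          102: {"owner": "bob", "total": 17.50}}
USERS = {"alice": {"email": "alice@example.test", "role": "user"},
         "bob": {"email": "bob@example.test", "role": "user"}}


def _who(token):
    """Resolve a bearer token to a username; None means unauthenticated."""
    return SESSIONS.get(token)


# --- BOLA: object id is trusted, ownership is never checked -----------------
def get_order_vulnerable(token, order_id):
    """Authenticates the caller, then returns whatever id was asked for."""
    if _who(token) is None:
        return 401, None
    order = ORDERS.get(order_id)
    return (404, None) if order is None else (200, order)


def get_order_hardened(token, order_id):
    """Same handler with the ownership check in place."""
    user = _who(token)
    if user is None:
        return 401, None
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != user:
        return 404, None   # identical response for missing and foreign ids
    return 200, order


def bola_probe(get_order, victim_token, attacker_token, object_ids):
    """Replay ids harvested while browsing as the victim through the attacker's session.

    Returns the ids that both sessions can read; any entry is a BOLA finding.
    """
    leaked = []
    for oid in object_ids:
        victim_status, _ = get_order(victim_token, oid)
        attacker_status, _ = get_order(attacker_token, oid)
        if victim_status == 200 and attacker_status == 200:
            leaked.append(oid)
    return leaked


# --- Mass assignment: request body bound straight onto the record -----------
def update_profile_vulnerable(users, token, payload):
    """Copies every submitted field, including ones the UI never exposes."""
    user = _who(token)
    if user is None:
        return 401, None
    users[user].update(payload)
    return 200, users[user]


PROFILE_FIELDS = {"email"}   # allowlist of client-writable fields


def update_profile_hardened(users, token, payload):
    """Only allowlisted fields are bound; `role` and the like are dropped."""
    user = _who(token)
    if user is None:
        return 401, None
    users[user].update({k: v for k, v in payload.items() if k in PROFILE_FIELDS})
    return 200, users[user]


def mass_assignment_probe(update, token, field, value):
    """Send a legitimate field plus one hidden field; report whether it stuck.

    Works on a fresh copy of the user store so repeated probes do not bleed.
    """
    store = copy.deepcopy(USERS)
    status, body = update(store, token, {"email": "probe@example.test", field: value})
    return status == 200 and body.get(field) == value


if __name__ == "__main__":
    ids_seen_as_alice = [101, 999]
    print("BOLA (vulnerable):", bola_probe(get_order_vulnerable, "tok-alice", "tok-bob", ids_seen_as_alice))
    print("BOLA (hardened): ", bola_probe(get_order_hardened, "tok-alice", "tok-bob", ids_seen_as_alice))
    print("role via mass assignment (vulnerable):",
          mass_assignment_probe(update_profile_vulnerable, "tok-bob", "role", "admin"))
    print("role via mass assignment (hardened):  ",
          mass_assignment_probe(update_profile_hardened, "tok-bob", "role", "admin"))
```

The hardened order handler returns 404 for both a missing id and another tenant's id so that the response itself does not confirm which ids exist; the hardened profile handler binds an allowlist rather than stripping a denylist, which is the fix that survives new fields being added to the model.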

04

Exploitation

When we find a vulnerability, we safely exploit it to prove the real-world impact.

Activities

  • Proof-of-concept development for each finding
  • Demonstrating data access (without extracting real sensitive data)
  • Chaining vulnerabilities to show escalated impact
  • Privilege escalation attempts

Tools

Custom scripts, Burp Suite, manual techniques

05

Reporting

We compile findings into a clear, actionable report designed for both technical and non-technical audiences.

Activities

  • Executive summary for leadership
  • Technical findings with CVSS v3.1 severity ratings
  • Step-by-step reproduction instructions
  • Code-level remediation guidance
  • OWASP Top 10 coverage matrix

Tools

Custom reporting framework

06

Remediation & Retest

After you've fixed the findings, we retest to verify the vulnerabilities are properly resolved.

Activities

  • Developer debrief call
  • Code review of fixes (if source access provided)
  • Full retest of all findings
  • Clean report issued after successful remediation
  • Implementation support if needed

Tools

Same toolset as initial testing

// Standards

Standards & Frameworks We Follow

OWASP Testing Guide v4.2

Primary methodology for web application testing

OWASP API Security Top 10

Framework for API-specific testing

PTES

Penetration Testing Execution Standard — overall engagement structure

NIST SP 800-115

Technical guide for information security testing

CVSS v3.1

Vulnerability severity scoring

CWE

Common Weakness Enumeration — vulnerability classification

Transparent Process. Clear Results.

You'll know exactly what we're testing, how we're testing it, and what we found. No black boxes.

Fixed pricing from £95 · Free retest included · UK-based