Zoonou Limited

Web Penetration Testing

Penetration Testing or Pen Testing is carried out by CREST accredited test staff at Zoonou who look for exploitable security vulnerabilities within a site or service. This takes the form of a planned attack on an application in an attempt to gain access to confidential data, content and site features.


  • Web penetration testing carried out by CREST accredited test professional
  • OWASP Top 10 used as basis for penetration test
  • CAST and CSTP certified test team
  • Testing approach divided into three, test planning, reconnaissance and execution
  • Recommendations on hardening for future attacks
  • Encrypted penetration testing report
  • High priority blocking issues discussed immediately with client
  • Automated and manual testing techniques used
  • Web application front-end and admin areas focused on
  • Secure project folder maintained for testing outputs


  • Independent testing from CREST certified practitioner
  • Reveal flaws and ensure data is protected in the future
  • Recognised as well as proprietary techniques used to reveal vulnerabilities
  • Non-destructive test techniques used wherever possible
  • Test tools configured not to overload infrastructure
  • Automated scans monitored in real-time
  • Clear and practical approach shared with client
  • Pen test as part of Zoonou’s security assessment
  • Complete audit of all available application pages
  • Satisfy compliance and legal requirements


£400 per person per day

Service documents


G-Cloud 11

Service ID

6 3 7 6 4 3 1 5 1 9 6 2 7 9 2


Zoonou Limited

Rhodri Alexander

+44 (0)1323 433700



Planning service
How the planning service works
Zoonou provide a test advisory service to determine the requirements of any cloud project or programme and advise on recommended QA processes, test approaches, tools and environments. Zoonou conduct planning activities, including high level test plans and the generation of manual and automated test scripts in line with business requirements, user requirements, and any approved documentation such as wireframes, designs, and technical / functional specifications. Where appropriate, we use the test maturity model (TMMi) as a governing principle of test process improvement.
Planning service works with specific services


Training service provided
How the training service works
Zoonou provides training to test staff and business stakeholders to increase the capabilities and knowledge that improve test process. We can undertake individual or group training sessions for test professionals that look at specific test practices or provide workshops on themes for a wider business consumption.
The purpose of the training is to enable teams or individuals to progress in their understanding and execution of testing.
The service is bought as part of a process of consultation and the recommendations that emerge from it or where the need for training has already been identified.
Training is tied to specific services

Setup and migration

Setup or migration service available
How the setup or migration service works
Zoonou are able to provide testing for migration of services to cloud based solutions. Testing ensures that systems have been migrated correctly and that they function and perform consistently with the existing (soon to be legacy) system. Testing often focuses on data migration, where checks are carried out to verify that data has been transferred to the new system without error. Migration testing is often a combination of both manual and automated test techniques. Zoonou can provide test strategy, planning, execution and reporting around application migration.
Setup or migration service is for specific cloud services

Quality assurance and performance testing

Quality assurance and performance testing service
How the quality assurance and performance testing works
Zoonou specialise in testing and quality assurance services and are able to provide a full range of end-to-end test solutions across the lifecycle of a development project or programme. Our test advisory service determines the requirements of any application under test, we advise on recommended QA processes, test approaches, tools and environments. Test Script creation uses approved project documentation to ensure that the test effort achieves full coverage and that it's traceable, measurable and repeatable. Our testing services range from manual functional, non-functional and desktop browser, mobile device compatibility test execution, through to Security, Accessibility and Automated testing.

For Performance Testing, our in-house load testing team use industry standard tools and techniques, to ensure that products are responsive and perform well on launch. Load testing is used to find out how a piece of software behaves when put under normal and peak levels of load. This is about determining how your site will handle a large number of concurrent users. Load testing will often include a Stress test, where the level of load on the system is ramped up to test higher than normal peak levels of load, to test at which point the system breaks or becomes unresponsive.

Security testing

Security services
Security services type
  • Cyber security consultancy
  • Security testing
  • Security audit services
Certified security testers
Security testing certifications

Ongoing support

Ongoing support service

Service scope

Service constraints
Zoonou provides managed test services which means that we are able to conduct most of our work remotely. We can offer options around that model in order to suit the needs of most of our clients.

User support

Email or online ticketing support
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Support levels
The Zoonou team allocated to a test and QA project is available for contact via multiple means: telephone, email, webchat for support throughout the duration of our service Monday-Friday 9am-5.30pm (UK time).


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)


£400 per person per day
Discount for educational organisations

Service documents

Return to top ↑