Penetration Testing Services
Manual pen testing services by OSCP & OSWE certified ethical hackers. Network, web, API, mobile, and cloud penetration testing, internal and external assessments with audit-ready reporting.
HackersHub is a leading penetration testing company in the Netherlands, providing hands-on manual security assessments by OSCP and OSWE certified professionals. Based in Amsterdam, we serve organizations across The Hague, Utrecht, Rotterdam, Eindhoven and the wider Randstad region. Our manual pentesting methodology goes far beyond automated scanning, uncovering real-world vulnerabilities in your web applications, networks, APIs and cloud infrastructure with audit-ready reporting for SOC 2 and other compliance frameworks.
Audit-Ready Compliance Testing
Our penetration test reports and penetration testing statements are specifically designed to meet the requirements of SOC 2 and other compliance frameworks. No additional documentation needed, our deliverables satisfy auditor requirements.
What is penetration testing?
Penetration testing is a controlled, authorised attack on your own systems, performed by hand by certified ethical hackers who try to break in the way a real adversary would. It goes far beyond automated scanning: testers chain weaknesses together, exploit business-logic flaws, and prove the real-world impact of each finding with proof of concept. The result is not a list of theoretical issues but a clear, prioritised picture of how an attacker could actually compromise your applications, networks, APIs, or cloud, and exactly what to fix first.
Types of Penetration Testing
Comprehensive security testing across all your digital assets
Web Application Penetration Testing
Comprehensive security assessment of web applications, APIs, and web services. We test for OWASP Top 10 vulnerabilities, authentication bypasses, injection flaws, access control issues, and business logic vulnerabilities using both automated scanning and manual exploitation techniques.
External Network Penetration Testing
Simulate real-world attacks on your internet-facing infrastructure. We identify exposed services, misconfigurations, outdated software, and potential entry points that external attackers could exploit to compromise your perimeter security.
Internal Network Penetration Testing
Evaluate your internal network security to protect against insider threats and lateral movement. We assess Active Directory security, network segmentation, privilege escalation paths, and potential for domain compromise from an assumed breach scenario.
Mobile Application Penetration Testing
Complete security assessment of iOS, Android, and hybrid mobile applications. Testing includes app binary analysis, insecure data storage, weak cryptography, API security, certificate pinning, and runtime manipulation across all major mobile platforms.
AI/LLM Penetration Testing
Specialized security testing for AI systems and large language models. We evaluate prompt injection attacks, data poisoning, model manipulation, training data extraction, adversarial inputs, and AI-specific attack vectors to secure your AI implementations.
Blockchain & Smart Contract Security Assessment
Expert security evaluation of blockchain implementations and smart contracts. We identify vulnerabilities in contract logic, reentrancy attacks, access control flaws, integer overflow/underflow, and tokenomics issues across multiple blockchain platforms.
API Penetration Testing
Secure your APIs against unauthorized access, data exposure, and injection attacks. We test REST, GraphQL, and SOAP APIs for authentication flaws, authorization bypasses, rate limiting issues, and data validation weaknesses.
Hardware Penetration Testing
Physical security assessment of embedded systems, IoT devices, and hardware components. We test for firmware vulnerabilities, JTAG/UART access, side-channel attacks, secure boot bypasses, and hardware implants to secure your physical infrastructure.
Why Choose HackersHub for Penetration Testing?
Industry-Standard Methodologies
Our services follow industry-recognized frameworks including OWASP, PTES, and NIST SP 800-115, ensuring the highest quality standards in penetration testing. This validates our methodology, expertise, and commitment to excellence.
OSCP & OSWE Certified Professionals
Our team consists of OSCP and OSWE certified experts with real-world offensive security experience. Every tester is continuously trained in the latest attack techniques, tools, and vulnerabilities to provide cutting-edge security assessments.
Comprehensive Audit-Ready Reporting
We provide detailed technical reports with clear remediation guidance, executive summaries for stakeholders, and penetration testing statements that meet SOC 2 and other compliance requirements without additional documentation.
Flexible Engagement Models
From one-time assessments to continuous security testing programs, we adapt to your business needs. Each engagement is assigned a dedicated project manager to ensure smooth coordination and clear communication.
Our Penetration Testing Process
Our penetration testing methodology follows industry standards while adapting to your specific security requirements:
Scoping & Planning
We work with you to define testing objectives, identify critical assets, establish rules of engagement, and create a testing timeline. We confirm target ownership, set communication channels, and align on success criteria with minimal business disruption.
Reconnaissance & Information Gathering
Comprehensive OSINT and enumeration to map your attack surface. We gather publicly available information, identify entry points, enumerate services, and build an understanding of your infrastructure before active testing begins.
Vulnerability Assessment & Scanning
Systematic identification of security weaknesses using industry-leading automated tools combined with manual validation. We eliminate false positives and prioritize findings based on exploitability and business impact.
Manual Exploitation & Validation
Controlled exploitation of identified vulnerabilities to prove real-world impact. Our certified testers chain vulnerabilities, perform privilege escalation, and demonstrate potential damage an attacker could cause while maintaining strict safety protocols.
Detailed Reporting & Debrief
Comprehensive technical report with vulnerability details, proof of concept, risk ratings, and actionable remediation guidance. Executive summary for leadership and technical findings for security teams.
Remediation Support
Dedicated project manager to help your team understand and remediate vulnerabilities. Optional paid services include live debrief sessions and re-testing of critical findings after remediation.
Testing Methodology & Standards
Our penetration testing follows industry-recognized frameworks including OWASP Testing Guide, PTES (Penetration Testing Execution Standard), and NIST SP 800-115. We combine automated scanning tools with extensive manual testing to uncover vulnerabilities that automated tools miss. Every test is performed by certified professionals with extensive real-world experience in offensive security.
What's Included in Every Penetration Test
Penetration Testing FAQ
The questions organisations ask us most often before commissioning a test, answered straight.
What is a penetration test?
A penetration test is a hands-on security assessment in which certified ethical hackers actively attempt to exploit vulnerabilities in your systems, the way a real attacker would. Unlike an automated scan, a penetration test uncovers complex business-logic flaws, chained vulnerabilities, and attack paths that tools miss, and proves the real impact with proof of concept.
How much does a penetration test cost in the Netherlands?
At HackersHub a penetration test is scoped per engagement, there is no fixed price list. Cost depends on the test type (web, network, API, mobile, cloud), the size and complexity of the scope, and whether it is a one-time test or a continuous programme. A scoping call typically takes 30 minutes and produces a fixed-scope written proposal within five working days.
How long does a penetration test take?
Duration depends on scope. A bounded web-application or network test typically runs one to three weeks of execution plus reporting; larger or chained scopes take longer. During scoping we agree the timeline with minimal disruption to your operations.
What is the difference between a penetration test and a vulnerability scan?
A vulnerability scan is automated and offers breadth: it flags known weaknesses quickly but at the surface. A penetration test offers depth: certified testers validate findings manually, exploit them under control, chain them together, and demonstrate real business impact. The scan tells you what might be vulnerable; the penetration test proves what an attacker could actually achieve.
Is a penetration test required for SOC 2, ISO 27001, or NIS2?
Many compliance frameworks expect or require periodic independent offensive testing. Our reports and penetration testing statements are designed to satisfy SOC 2, ISO 27001, and similar frameworks without additional documentation. For organisations preparing for NIS2, a penetration test helps demonstrably address the duty of care around technical security measures.
What certifications do your pentesters hold?
Our penetration testers are OSCP- and OSWE-certified and work to industry-recognised methodologies: the OWASP Testing Guide, PTES, and NIST SP 800-115. Every test is performed by professionals with proven real-world experience in offensive security.
Do you run the penetration test remotely or on-site?
Most tests, such as external network, web-application, and API testing, are run remotely. For internal network tests, hardware, and physical assessments we work on-site where needed. We agree the approach during scoping.
Do we get a re-test after we remediate vulnerabilities?
Yes. A re-test of critical and high findings after remediation is an optional service, so you can demonstrate, to auditors or customers, that the identified vulnerabilities are genuinely fixed. A dedicated project manager supports remediation and the re-test.
Related services
Ready to Secure Your Systems?
Request a quote for your penetration testing needs.