Penetration Testing Services

Q: How long does a penetration test take?

Placeholder - client to confirm typical engagement timelines e.g. scoping to delivery.

Test your defences with NZ's most experienced pen testing team. CREST-certified. 400+ clients.

What vulnerabilities could put your business at risk?

Every business faces different security challenges, so our penetration testing program is tailored to your environment and objectives. We work with your teams to design targeted assessments that generate clear, actionable outcomes:

Network and Infrastructure

Finding vulnerabilities before attackers do, including in obscure systems
Carefully identifying risks within OT and SCADA networks
Reviewing device configurations for security issues

Applications and Code

Identifying vulnerabilities in your web applications and source code
Reviewing the security of your critical business apps
Providing awareness of security issues with AI

Simulation and People

Our team demonstrating how easily devices can be accessed
Simulating attacks before a real one hits
Turning testing into training

How our penetration testing works

Our penetration testing goes beyond identifying vulnerabilities. We help you understand what matters most, fix issues faster and strengthen security long term.

Scoping

Every engagement is scoped to your systems, goals and tech stack so the results are relevant, not generic.

Discovery

We identify targets, understand how they function and gather information that an attacker could use.

Testing

We probe the attack surface, attempt to exploit weaknesses and assess how far an attacker could go.

Reporting

We clearly explain what was tested, what we found and the realistic business impact.
‍

Remediation Support

We help prioritise issues and provide practical guidance so your teams can fix and verify them.
‍

Why partner with Bastion?

Bastion brings together the expertise of Quantum Security, ZX Security, Helix Security, Cassini and Cythera, giving you depth across offensive security and broader cyber services when you need it.

Trusted by 400+ clients across New Zealand and internationally

Certified specialists including CISM, ISO27001, OSCP, SABSA, CISA, CISSPand PCI-QSA

CREST-certified member companyand an approved supplier on theDIA Marketplace

Audit Logging

Managed Detection & Response

Our Cyber Threat Intelligence Software as a Service enhances your organisation's

See what our customers say about us

Our security solutions are built on relationships. Here’s what business owners say about partnering with us.

Service Development Manager

Government Agency

"Great service, clear, detailed and precise information on what our vulnerabilities were and what needs addressing. Couldn't have been easier to deal with and very professional."

Security Operations

Energy Sector

"Excellent customer engagement and a thorough understanding of our diverse requirements. Outstanding testing and communication throughout the testing phase."

Request a penetration test

Complete the form and we will contact you within one business day.

Frequently Asked Questions

Frequently asked questions

From risk assessment to rapid response - we’re with you every step of the way.

Do you offer independent or CREST-certified testing?

Yes. Bastion is a CREST-certified penetration testing provider, meaning our testing meets globally recognised standards for quality, ethics and technical rigour.

How often should we run a penetration test?

Most organisations benefit from annual testing as a baseline, with additional tests following significant changes to systems, applications or infrastructure - or when required for compliance.

Can a penetration test help us meet compliance or audit requirements?

Yes. Many organisations require penetration testing to meet compliance frameworks including ISO 27001, PCI DSS, Essential Eight and sector-specific standards. We can scope the engagement to align with your specific compliance obligations and provide documentation to support your audit.

Do you test cloud environments, web applications and APIs?

Yes. We cover external and internal networks, web and mobile applications, cloud environments, APIs, SaaS platforms and specialist areas including OT/SCADA, wireless and hardware.

What's the difference between a vulnerability scan and a penetration test?

A vulnerability scan uses automated tools to identify known weaknesses. A penetration test goes further - our testers simulate real attacker behaviour to validate those risks and uncover more complex issues that tools alone miss.

How long does a penetration test take?

A penetration test typically takes around 5 days, although the exact duration depends heavily on the agreed scope and the specific objectives of the engagement. Penetration testing is tailored to your environment, risk profile and goals, so timelines can vary accordingly.

How do I book a penetration test or get a quote?

Complete the form on this page and our team will be in touch within one business day to discuss your requirements and provide a scoped proposal.

Are you experiencing a security breach?

Incident Response

+64 4 281 7534