Select Page

Penetration Testing Services

Your trusted CREST-certified pen testing provider in New Zealand and Australia.


Identifying vulnerabilities and offering solutions to strengthen your security posture.


Our team of experts consists of CREST-certified pen testers with OSCP, OSEP, CHFI, OSWE, CPTC, eWPT certifications.


We are great communicators that deliver targeted insights based on in-depth analysis of vulnerabilities.

We work with amazing customers

Oceania Healthcare
AMARU customers
Fiji Airways

Confidently Navigate the Digital Frontier with Pentesting Services

An average of 64% of businesses in ANZ region have experienced a cyberattack in the past year.

So wouldn’t it be better for you to find out your vulnerabilities and act on it, rather than a hacker taking advantage of it? It is good security practice for you to stress test your systems regularly to maintain cybersecurity posture.

Our pentesting services offer a real-world assessment of your vulnerabilities including black box and white box testing for deeper scrutiny, along with strategies to fortify your IT security.

As a CREST-certified provider, we provide ethical and professional conduct, and our experts are well-positioned to thoroughly examine your security measures and identify potential weak points susceptible to attackers.

AMARU's Penetration Testing Services in New Zealand & Australia consist of certified, licensed penetration testers, specialists and consultants with years of experience

CREST-Certified Penetration Testing Services

in New Zealand & Australia

Our penetration testers are certified specialists identifying exploitable vulnerabilities for your applications, networks & physical environment.

Penetration Testing

Web Application Penetration Testing

External Network Penetration Testing

Internal Network Penetration Testing

Mobile Application Penetration Testing

Wireless Penetration Testing

Physical Penetration Testing

Social Engineering Assessment

OSINT Assessment

Vulnerability Assessments and Penetration Testing

Network and infrastructure

Web app vulnerability assessment

Technical Assessments

Cloud security tech assessment

Operational tech assessment

Industrial Control Systems testing

Internet of Things assessment

Application Security

SDLC maturity review

DevSecOps consulting and training

Secure development standards definition

Source code review


skilled professionals

Skilled team of professionals at your service

We know there’s a skill shortage in cybersecurity, so entrust our highly skilled cybersecurity specialists to manage all aspects of cybersecurity, ensuring robust cybersecurity and risk management.

we care about your business

We care about your business- like its ours!

This means we go above and beyond to provide you with the highest level of protection and support, just like we would for our own company – and fret not we don’t charge a hefty amount for our consultancy services!

achieve a secure digital environment

Achieve a secure and resilient digital environment

Incorporating aspects of AI and automation, we provide strategies that strengthen your cybersecurity posture, enabling you to sell products and services securely both locally and globally with internationally-recognised security standards.

Case Study

AMARU customer logo

We were really happy with how the whole process went. AMARU has great communication and are very easy to deal with. They were able to start the work quickly and gave us a comprehensive report with an informative presentation. We’ve already recommended them to others!

AMARU customer success story

Benefits of Penetration Testing

With penetration testing services, you are able to enhance cyber resilience proactively, minimise organisational risk exposure, and align with top-tier cyber security standards.

AMARU's Penetration Testing Services in New Zealand & Australia consist of certified, licensed penetration testers, specialists and consultants with years of experience

Identify and resolve system vulnerabilities

As CREST registered penetration testing providers, our certified pentesters come with years of experience dealing with intricate vulnerabilities and risks and explain the findings to you in a detailed yet easy to understand manner.

AMARU's Penetration Testing Services in New Zealand & Australia consist of certified, licensed penetration testers, specialists and consultants with years of experience

Gain Valuable insights into your digital systems

With our one-time pentesting or annual package you are able to have an in-depth understanding of your security gaps should you have a major update taking place in your web or mobile app and want to review its security strength before launch.

AMARU's Penetration Testing Services in New Zealand & Australia consist of certified, licensed penetration testers, specialists and consultants with years of experience

Establish trust with your clientele

4/10 ANZ firms lose deals over cybersecurity doubts. Investing in proactive cybersecurity services can help you gain your client’s trust and create synergies between your developers to help you with your DevSecOps.

Frequently Asked Questions

See our frequently asked cyber security questions below for help and advice.

What are the different types of penetration tests available?

There are various types of penetration testings, like white box and black box testing, varying from infrastructure pen testing, web application pen testing, external and internal network penetration testing, cloud pen testing, and targeted pen testing, each focusing on different aspects of your IT systems and applications.

During the kick off call, we would understand your requirements and see which testing would deem fit for your systems.

Why do I need penetration testing for my business?

Regular penetration testing is essential in the face of increasing cyberattacks across all markets and sectors. It helps businesses demonstrate a commitment to security, thereby increasing customer confidence in their services. You might think your systems are secure but only a penetration testing will validate that; giving you assurance of your networks. The pentest will also verify whether your security controls and processes are sufficient and provide an adequate level of protection to mitigate the risks exposed by cyber threats. Our comprehensive report will guide you on which gaps pose the most risk so you can decide where to focus and make the right investment.

How often should penetration testing be done?

Conducting penetration testing done regularly is an ideal way of maintaining your security posture. Though, many compliance commitments such as PCI DSS, ISO 27001, NZISM require businesses to get penetration testing done regularly.

The standard practice is once a year but it all depends on if you’ve had any major updates in your systems, like launching a new web or mobile app etc. As the threat actors are evolving, gaps can be breached easily with new technologies so understanding your systems beforehand will save your company’s reputation.

What is included in a penetration testing report?

A Penetration Testing Report will include findings, description, replication steps, recommendations for remediation based on the insights gathered and references.

A knowledgeable penetration tester will also conduct two types of debriefing sessions:

  • A technical debriefing for the organisation’s system administrators and engineers letting the IT security team know of the lessons learned during the penetration test.
  • A debriefing meant for the executives which will include all the information needed to determine the appropriate risk management strategy.

How long does a penetration test take?

There isn’t a defined timeframe to conduct a penetration test. It can vary from a few days to weeks, all depending on the size of the scope that is to be undertaken.

What is the cost of a penetration testing service?

The cost of penetrating testing services starts from $2K and it all depends on the project’s intracacies, the type, scope and your requirements. Factors such as the number of systems, applications or assets being tested and the project’s complexity can impact the overall price of the service. 

We can discuss the scope of our penetration testing services during the kick off call with you and provide a quote on the basis of your business’ requirements.

What is CREST Certification?

CREST is Council of Registered Ethical Security Testers – an international accreditation and certification body that is recognised globally by the professional services industry and buyers as being the best indication of knowledge, skills and competence. It is available for organisations and professional-level certifications for individuals on several fronts, including penetration testing, cyber incident response, threat intelligence, and security operations center services.


What is the benefit of using a CREST-certified company?

The benefits of choosing a CREST-certified company includes:

  • CREST accreditation ensures that the provider has demonstrated a high level of technical proficiency and practical experience in the field of penetration testing.
  • They are committed to reliability and consistency in delivering penetration testing services.
  • CREST Accredited Penetration Testing Providers operate in accordance with a strict code of conduct, upholding the highest ethical standards and respecting client confidentiality.



Who needs to be SOC 2 compliant?

In today's digital landscape, where data security and privacy are paramount, the importance of SOC 2 compliance cannot be overstated. As a business owner or decision-maker, you may be wondering, "What is SOC 2...

Why are CREST-Accredited Penetration Testing Provider Preferred?

In the rapidly evolving landscape of cybersecurity, businesses are constantly seeking reliable and effective ways to protect their digital assets from potential threats. Penetration testing, also known as ethical...
ISO 27001 Certification Requirements

ISO 27001 Compliance Requirements & How to Achieve it

Are you looking to enhance your organisation's data security and protect valuable information from potential threats? Look no further than ISO 27001 compliance. In this article, we will explore the what, why, and...
Cyber incidents effecting small businesses

75% of 2023 Cyber incidents aimed at SMBs according to Sophos Report

To all small businesses, BE AWARE. The threat landscape for small businesses in 2024 is evolving rapidly, with cybercrime posing an existential threat to these organisations. According to the World Bank, 90% of the...
Cyber incidents caused by human error

The Dark Reality: Unveiling the Human Factor Driving the Surge in Cyber Breaches

Human error continues to be one of the leading causes of cyber breaches, posing significant threats to businesses and individuals alike. In fact, according to a report by IBM, 95% of all cybersecurity incidents involve...
NISt cyber security frameworks 2.0

Your Ultimate Guide to Understanding NIST Cyber Security Framework 2.0 Update

As threats in the digital realm evolve, the NIST Cyber security framework (CSF) 2.0 serves as a crucial resource to help businesses of all sizes, across industries to reinforce their defences against cyber security...

For more information, reach out today.