Penetration Testing & Security Assessments

Nanorisk is a UK-based cyber security consultancy delivering structured, evidence-led security assessments across infrastructure, applications, and specialist environments.

  • UK Based & Operated
  • 100% Independent
  • Portal-First Delivery
nanorisk — security assessment LIVE
~/nanorisk $ nmap -sV -sC --script vuln 10.0.0.0/24
Starting Nmap 7.94 — https://nmap.org
Scanning 254 hosts on 3 subnets...
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.9
80/tcp open http nginx 1.24.0
443/tcp open https | ssl-cert: CN=*.target.com
| VULNERABLE: CVE-2024-3094 (CVSS: 9.8)
3306/tcp open mysql MySQL 8.0.35
8443/tcp open https-alt | Expired certificate
~/nanorisk $ nuclei -t cves/,misconfig/ -target https://target.com
[INF] Loading 1,247 templates for 2 categories
[INF] Running scan against https://target.com
[critical] CVE-2024-3094 https://target.com/api/v1/auth
[high] Misconfigured CORS Policy https://target.com/api
[high] Missing Security Headers https://target.com
[high] Open Redirect https://target.com/redirect?url=
[medium] Directory Listing Enabled https://target.com/assets/
[medium] Server Version Disclosure https://target.com
[INF] Scan complete: 1 critical, 3 high, 2 medium found
~/nanorisk $ _
Assessment Results
1 Critical 3 High 2 Medium 4 Low 6 Info
16 findings
Quality-Driven Assessments
Comprehensive Service Range
Affordable Pricing
Full Transparency
Comprehensive Documentation
Dedicated Security Portal

Security Assessment Services

Nanorisk provides a comprehensive range of security assessment services designed to support organisations at different stages of security maturity. All services are delivered within agreed scope and aligned with recognised industry expectations.

Portal-First Engagement Management

All Nanorisk engagements are managed through the Security Portal — your central point for engagement management, communication, findings, and reporting.

portal.nanorisk.co.uk

Documentation & Communication

Review and manage engagement documentation. Exchange sensitive information securely.

Asset & Finding Tracking

View assets and in-scope systems. Track findings and their status throughout the engagement.

Reports & Attestations

Access reports, attestations, and retesting outcomes in one central location.

Quality Security Services at Affordable Prices

Nanorisk is a UK-based cyber security consultancy delivering professional penetration testing and security assessments without the premium price tag.

Quality-Driven Assessments

Every engagement follows structured, evidence-led methodologies with formal scoping, experienced consultants, and rigorous internal quality assurance.

Comprehensive Service Range

From vulnerability assessments to specialist red team operations, we offer a full spectrum of security testing services to meet any requirement.

Affordable Pricing

We deliver professional-grade security services at competitive rates, typically charging less than larger consultancies without compromising on quality.

Full Transparency

Clear communication throughout every engagement. No hidden costs, no surprises. You know exactly what you're getting and what it costs upfront.

Comprehensive Documentation

Detailed, actionable reports with clear findings, evidence, and practical remediation guidance. Our documentation supports your compliance and governance needs.

Dedicated Security Portal

All engagements managed through our secure portal providing real-time visibility, document management, finding tracking, and streamlined communication.

How Engagements Progress

While each engagement is tailored to the client's environment and objectives, most assessments follow a common lifecycle.

  1. Enquiry & Scoping
  2. Authorisation
  3. Prerequisites
  4. Delivery
  5. Live Validation
  6. QA & Reporting
  7. Wash-Up
  8. Retesting

Enquiry and Scoping

An engagement begins with an initial enquiry and scoping discussion to understand objectives, environment, constraints, and desired outcomes. Scope, assumptions, exclusions, and proposed timelines are defined during this phase.

Formal Authorisation and Onboarding

A quote and Statement of Work are issued through the Security Portal. Engagements commence only after contractual documentation has been reviewed and formally accepted.

Prerequisites and Asset Onboarding

Clients provide agreed prerequisites through the Security Portal. This information populates the asset catalogue, defining in-scope systems and environments for the assessment.

Assessment Delivery

Assessments are conducted within the defined scope and rules of engagement. Critical or high-risk findings are flagged promptly. Where appropriate, findings are visible within the portal as they are identified.

Live Validation

Where permitted, clients may remediate findings during the assessment window and request validation. This allows issues to be confirmed as resolved before the assessment concludes.

Quality Assurance and Reporting

All findings undergo internal quality assurance. Reports include engagement scope, detailed findings with evidence, risk context, and remediation guidance — delivered through the Security Portal.

Wash-Up and Next Steps

Clients may request a wash-up call to review findings, clarify report content, and discuss remediation priorities. This ensures findings are clearly understood and appropriately contextualised.

Formal Retesting

Post-engagement retesting validates remediation efforts and is delivered as a separate retesting report through the Security Portal. Retesting scope and timing are defined contractually.

Trust, Governance & Responsibility

Nanorisk operates under a defined governance framework covering professional conduct, confidentiality, data protection, and incident handling.

Professional Standards

We operate in accordance with recognised UK security and assurance principles, aligned with CREST professional standards and NCSC guidance.

  • All consultants operate under a mandatory Code of Conduct and Ethics Policy
  • Continuous improvement of methodologies, tools, and governance practices

Data Protection & Privacy

Fully compliant with UK GDPR and the Data Protection Act 2018, with formal data protection and privacy governance in place.

  • All client data protected using encryption at rest and in transit
  • Robust data retention and secure deletion policies
  • Strict access controls and role-based permissions

Formal Authorisation

Formal authorisation to test is obtained for every engagement, covering the full assessment lifecycle from scoping through to delivery.

  • All testing conducted within clearly defined scopes and rules of engagement
  • Secure communication for all client interactions and document exchange

Responsible Testing

Controlled testing practices designed to minimise operational risk and business disruption throughout the engagement.

  • No denial-of-service or destructive testing unless explicitly authorised
  • Real-time escalation procedures for critical and high-risk findings

Supply Chain Governance

Sub-processors and suppliers are carefully vetted and contractually bound to security and data protection requirements.

  • Comprehensive Professional Indemnity, Cyber, and Public Liability Insurance

Trusted by Organisations Across the Globe

Get in Touch

If you would like to discuss an assessment or understand how Nanorisk can support your organisation, please get in touch.