We do our best to respond as quickly as possible
Aptive Consulting
Cyber Security Consulting
Aptive are a UK based Cyber Security Consultancy offering security testing services to help businesses stay secure against today’s cyber threats. Learn more →
Aptive Consulting
Who Are Aptive
Aptive are a UK cyber security testing company based in Guildford providing security testing services to London, the UK and the rest of the world. Aptive provide IT security assessment services for organisations such as penetration testing, vulnerability assessments, security hardening & network security audits, we make security assessments simple and cost effective for businesses of all sizes.
Professional Penetration Testing
Identify Web App Threats
Web Application Penetration Testing
Aptive provide web application security testing using our internal methodology based on the OWASP testing methodology. The service identifies security issues within web apps and provides clear remediation instructions, allowing your organisation to easily fix identified security issues. For more information, see our web app security audit service page.
Web Application Penetration Testing →
Identify Mobile App Threats
Mobile App Security Testing
Aptive’s mobile application security testing is a deep dive security assessment against iOS and Android apps, to help identify potential security issues, logic flaws or vulnerabilities.
Mobile App Security Testing →
Identify Internal & External Infrastructure Threats
Network Penetration Testing
Aptive are a penetration testing company providing internal or external web & network penetration testing services, which identifies and quantifies security issues in an easy to understand report.
Network Penetration Testing →
Proactively identify the latest vulnerabilties
Our penetration testing services help identify the latest vulnerabilties.
VMware VRealize Network Insight
Remote Code Execution CVE-2023-20887
MOVEit Transfer
Remote Code Execution CVE-2023-34362
Fortra GoAnywhere MFT
Authentication Bypass CVE-2024-0204
WordPress Elementor Lite 5.7.1
Arbitrary Password Reset CVE-2023-32243
Redis Sandbox Escape
Remote Code Execution CVE-2022-0543
GitLab 16.0.0
Path Traversal CVE-2023-2825
CouchDB Erlang Distribution
Remote Command Execution CVE-2022-24706
WatchGuard Fireware AD Helper Component
Credentials Disclosure Critical
PCI DSS Penetration Testing Service
Meet your PCI DSS certification requirements with our manual penetration testing service.
Client Testimonials
Reviews from our clients
"We hired Aptive to perform an in-depth mobile application penetration test based on the OWASP MASV standard. Aptive provided an easy to understand report and were on hand to help with any developer follow up questions."
"Aptive conduct regular penetration testing of our web applications as part of our on-going cyber security testing commitment. We chose Aptive as we required a manually performed penetration test conducted by a certified web application penetration tester. The delivered reports are always professional, concise and make it easy for both stake holders and developers to understand.”
"The team at Aptive provided excellent advice and demonstrated a large depth of knowledge regarding security aspects and vulnerabilities within our environment. We were very pleased with the level of effort and advice given throughout the engagement. In addition to providing a comprehensive report, Aptive clarified issues directly with our development teams to ensure identified issues were correctly understood. Allowing our team to perform remediation on any discovered issues."
"Aptive performed a manual web & mobile app penetration tests against our CryptoCurrency wallet applications. Aptive's team worked closely with our internal developers and went above and beyond to deliver detailed issue explanations with actionable remediation advice during the development stage of our apps."
LLMNR / NBT-NS spoofing attack: how to use LLMNR & NetBIOS poisoning to capture credentials from the network using Kali + Responder.py and how to fix LLMNR & NBT-NS (NetBIOS) spoofing / poisoning attacks.
Local File Inclusion (LFI) explained with examples, and learn how to perform security testing for LFI vulnerabilities. The intent of this document is to assist with web app security assessments engagements by consolidating research for LFI testing techniques. LFI vulnerabilities are typically discovered during application assessments or penetration testing using the techniques contained within this document.
An overview on what the SameSite cookie attribute is, and if it provides sufficient protection against CSRF on it's own without other mitigations.
The definitive guide for SSL / TLS security testing by Aptive. This article documents the process of using semi automated tools to perform SSL & TLS security assessments and how to validate the tool findings using manual testing methods. The aim is to optimise the TLS & SSL security testing process when performing pen testing to optimise the time spent on TLS security testing.
What is Unrestricted File Upload Testing and how to test for Unrestricted File Upload Vulnerabilities including filter bypass techniques for Windows, Linux, Apache and IIS.
An overview of what SQL Injection is, understand the attack, and the potential risk to your organisation.
