What is Penetration Test? — UK Software Development Guide

4 min readJune 2025ClickMasters Technical TeamReviewed by James Whitmore, CTO
what is a penetration test

Direct Answer

A penetration test (pen test) is a simulated cyber attack against a software system, network, or application — conducted by security professionals with permission from the system owner — to identify exploitable vulnerabilities before malicious attackers do.

Penetration-test in the UK

UK-specific pen test requirements: Cyber Essentials Plus requires an annual CREST-certified penetration test. DTAC Domain 3 for NHS-connected apps requires CREST-certified pen testing. FCA-regulated firms should conduct annual pen tests as part of operational resilience. CREST (Council of Registered Ethical Security Testers) is the UK certification body — CREST certification is the recognised standard for UK regulatory compliance. Budget: £4,000–£15,000 for a web application pen test from a CREST-certified provider.

Get Expert Advice on Penetration-test

Speak with our UK software development experts about Penetration-test. Free consultation, transparent pricing, no obligation.