Penetration testing

Applications, systems, networks and people form the technological foundation for any business. By having security experts test this foundation they will identify risks, isolate vulnerabilities and prioritise remediation before exposures can be exploited by attackers.

In a digitalised world with a continuously evolving threat landscape, having an accurate picture of your applications, technologies, and their associated risks is essential. mnemonic has over 20 years of experience performing security and penetration testing, and has built a well-tested approach that not only shows how your organisation’s systems might fail, but also evaluate what the consequence of failure might be and how to remediate them.

Our approach

mnemonic’s security tests combine open standards and industry best practices with our own experience, tools, and methodology. We utilise the whole breadth of mnemonic’s security offering by including relevant expertise from other parts of our organisation, such as our security operations centre, threat intelligence analysts, product experts, and the R&D team. This gives our offensive team a unique advantage, and enables us to go deeper and provide the best possible advice.

By working with mnemonic’s experts on your security and penetration tests your organisation will:

  • identify and understand your organisation’s vulnerabilities and problem areas
  • know what the next course of action should be, with practical advice on recommended remediation
  • be able to share thorough documentation adapted to your organisation’s needs with internal and external stakeholders

What we offer

We pride ourselves with being able to evaluate the security of any kind of information system. From e-voting systems, netbanks and mobile applications, to smart watches, automated metering systems and everything in between, our experts have diverse experience and are prepared for any challenge.

Common examples of the tests we do include:

  • Application security

- Web application and APIs

- Mobile applications (iOS and Android)

- Source code reviews and audits

- Software development environments and CI/CD pipelines

- Cryptographic audits

  • Cloud security testing


- Azure

- Google Cloud

  • Infrastructure security

- Open-source intelligence (OSINT)

- Internal network penetration testing

- Active Directory assessments

  • Red-team exercises, including TIBER (Threat-Intelligence Based Ethical Red Teaming)
  • Internet of Things (IoT) and smart devices
  • ICS, SCADA, and OT assessments

Contact me for more information

Manager Risk Services

Andreas Furuseth