Penetration Testing: find the gaps before attackers do.
A penetration test is a controlled, authorised attempt to break into your systems using the same techniques real attackers use. It is the only way to know with confidence what your defences actually stop versus what they only claim to stop. North Star conducts scoped penetration tests for BC and AB businesses and delivers plain-English reports with prioritised fixes - not a 400-page PDF you will never finish reading.
What is penetration testing?
Penetration testing (pen testing) is a structured security exercise where trained professionals attempt to compromise your systems, networks, or applications using real-world attack methods. Unlike a vulnerability scan - which only identifies known weaknesses automatically - a pen test involves human judgment to chain vulnerabilities together, test business logic flaws, and determine what an attacker could actually access. The output is a ranked findings report with evidence of what was exploited, what data or systems were at risk, and specific remediation steps. North Star offers external network pen tests (simulating an outside attacker), internal pen tests (simulating a compromised insider or contractor), and web application tests. Most tests complete in one to two weeks.
What North Star delivers.
Test what an attacker sees from the internet.
We attempt to compromise your public-facing systems: firewalls, VPNs, remote desktop, web applications, and email. Most BC and AB SMBs are surprised by what is exposed.
Test what happens if someone gets inside.
We simulate a scenario where an attacker is already on your network - a phishing victim's laptop, a compromised contractor. Can they reach sensitive data, domain controllers, or backups?
OWASP Top 10 and beyond for your web apps.
If you run a customer portal, e-commerce site, or internal web application, we test for injection, authentication flaws, broken access controls, and other common attack classes.
Findings written for business owners, not just security teams.
Every finding includes a risk rating, what we did to exploit it, what an attacker could have done with it, and specific remediation steps. No jargon without explanation.
Optional re-test after you fix the findings.
North Star can re-test specific findings after your team applies fixes to confirm they are fully resolved. This is especially useful for compliance requirements.
What buyers ask before they sign.
How much does a penetration test cost?
External network pen tests for a typical SMB in BC or AB start around $2,500 to $5,000 CAD. Internal network tests and web application tests are similarly priced. Scope drives cost: more IP ranges, more applications, and longer testing windows increase the price. North Star provides a fixed-price quote after a scoping call.
How long does a pen test take?
Most external or internal network tests take three to five business days of active testing. Web application tests vary based on the size of the application. The report is typically delivered within five business days after testing completes.
Will the pen test disrupt our systems?
North Star's tests are designed to avoid disruption. We agree on a testing window and rules of engagement before starting. Certain aggressive techniques that could cause crashes are excluded from standard tests or scheduled for after-hours windows with your approval.
What is NOT included in a standard pen test?
Social engineering (phone calls, pretexting), physical security testing (attempting to enter your office), and wireless network testing are separate engagement types. Standard tests also do not include remediation work - that is quoted separately.
Do we need a pen test every year?
Many cyber liability insurers and compliance frameworks recommend annual pen tests. North Star generally recommends external tests at least annually, and after any major infrastructure change such as a cloud migration or firewall upgrade.
Ready to test your defences?
Tell us about your environment and we will come back with a scoped proposal in two business days. No obligation, no pressure.