CDW Services / Risk Advisory / Penetration Testing

Penetration Testing

Test Your Environment to Prevent Security Incidents

Penetration Testing Overview

Understand Your Risk of Cyberexposure

With penetration testing, we uncover security vulnerabilities in your environment, understand your company’s security posture and test its readiness to withstand and respond to real-world cyberattacks.

Our highly trained team will thoroughly test target systems for known vulnerabilities, misconfigurations and mismanagement of devices in order to ensure that we achieve your testing objectives. We are experienced in executing advanced exploitation attacks using both automated and manual tools. Our testers put emphasis on manual review, using techniques suited to the context of the target environment.

Using industry-recognized and proven methodologies CDW will provide detailed reporting, including a remediation plan to assist in ensuring your organization’s information assets remain protected.


What We Deliver

CDW will provide a report with a summary of the penetration testing activities conducted. The report will contain two sections; an executive summary and a technical report. The executive summary will outline high-level findings and the technical report will provide technical details about findings and outline recommendations.

The report includes:  



An executive summary
of results


Testing methodologies, phases and tools utilized


Detailed vulnerability findings, recommended solutions and effort required for remediation


Activity description of attack scenarios or exploitation


An optional presentation of the critical vulnerabilities and findings

Vulnerability Assessment VS. Penetration Testing

The methodology and techniques used by CDW’s team will be similar for both types of assessments; however, their objectives are what differentiates them. Vulnerability Assessments are intended to identify potential vulnerabilities in your environment to understand your current security posture, without simulating real threat actor attacks. Penetration tests are intended to proactively uncover the most significant vulnerabilities and identify the extent of damage a malicious threat actor could cause in your organization.

Learn More

Types of Penetration Testing

arrow Infrastructure Penetration Testing
Uncover Security Vulnerabilities in Your Environment

During these assessments, CDW’s penetration testers play the role of real-world attackers by targeting your critical information assets. While some vendors rely primarily on automated vulnerability scanning, CDW’s expert team also incorporates their comprehensive understanding of business networks and systems during their manual testing to provide a more holistic testing approach. 

CDW’s infrastructure penetration testing services consist of:

  • External Network Penetration Test
    Objective: Public-facing IT systems and network
  • Internal Network Penetration Test
    Objective: Internal IT systems and networks, including advanced Active Directory attacks (optional)
  • Cloud Penetration Testing
    Objective: Cloud-hosted environments
  • Wireless Testing
    Objective: Networks via wireless access points
  • Operational Technology (OT) Testing
    Test segregation and attempt to breach various OT environments, including SCADA and IoT
arrow Application Penetration Testing
Safeguard Your Web Applications

Application penetration testing from CDW can identify and help you understand your risk of exposure in your applications. This testing will uncover security vulnerabilities to better understand your security posture and test your readiness to withstand and respond to real-world cyberattacks.

The manual-based approach by our knowledgeable professionals can help protect your sensitive information and assets by:

  • Working with our team to develop a custom scope that takes into account the security needs and requirements of your organization
  • Identifying critical application weaknesses through an in-depth, manual-based testing methodology
  • Demonstrate how vulnerabilities would be exploited by actual threat actors to compromise asset and user security
  • Provide recommendations regarding remediation strategies and timelines, allowing your organization to focus on the most critical risks first

CDW’s application penetration testing services consist of:

  • Web applications
  • Application Programming Interface (API) endpoints
  • Mobile applications – iOS and Android
  • Thick client applications


arrow Adversarial Simulation
Simulate real-world threat scenarios to assess your organization’s cybersecurity resiliency

CDW’s penetration testing team will simulate the techniques and tradecraft of real-world cyber attackers that relate directly to the client's environment and assessment concerns.  CDW’s adversarial simulation includes:

Scenario-Based Test:

  • Highlights both risks and impacts associated with a specific breach scenario, typically involving internal client networks
  • Includes testing security controls and resiliency using a mutually agreed-upon scenario(s)


Red Team Assessment:

  • Covert assessment to test user security awareness, incident response and technical controls of your security program
  • Identify previously overlooked or unknown avenues of attack that may be exploited by real-world threat actors
  • Includes attempts to penetrate the external network perimeter, establish a foothold in the internal environment and accomplish specific attack objectives that are mutually pre-defined with your organization
arrow Social Engineering
Assessing the Human Element

Performing a social engineering assessment will help understand how effective security awareness training and procedures are in preventing threat actors from getting valuable corporate information directly from your employees.

CDW’s social engineering services consist of:

  • E-mail based phishing – persuade users to click links, submit credentials or execute a malicious payload
  • Phone-based phishing (“vishing”) – persuade users to divulge information or perform an action that could be leveraged to gain access to an organization
  • On-Site Physical Social Engineering  – assesses the effectiveness of physical security controls, employee awareness and training
  • Open-Source Intelligence (OSINT) Gathering – identify what information is publicly available which can be leveraged to conduct a targeted attack against the organization
arrow Targeted Attack Penetration Testing
A great option if your company is new to penetration testing

CDW’s targeted attack penetration test focuses on evaluating and exploiting common attack paths found in your environment. Our security team will work to explore your potential risk exposure and provide recommendations on how to remediate the findings identified during the test. Evaluating your organization’s defences against common tactics will enable you to meaningfully improve your organization’s security posture, and help you prepare for future security events.

Targeted Attack Penetration Test Overview (PDF)

Our Security Process

Prepare. Defend. Respond.


We help our clients create and align strategies and programs to address ever-evolving business risks. This includes creating a relevant and achievable security roadmap.


We work collaboratively with clients to decide which technologies to implement to protect against cyberthreats.


We monitor critical business assets, respond rapidly to incidents and  validate the effectiveness of security controls 24/7/365, so you don’t have to.

Contact Us

Book Your Penetration
Test Now

CDW has conducted thousands of penetration tests and specialized in cybersecurity for over 12 years; contact one of our consultants to discover your environment's vulnerabilities and how you can remediate them.

Ways to reach us:

Complete the form and a security expert will reach out to you soon
Or give us a call at 800.972.3922

Contact Us

Book Your Penetration Test Now

Complete the form below or call 800.972.3922

Contact Us

Book Your Penetration Test Now

Complete the form below or call 800.972.3922