Physical Penetration Testing

Often, organizations spend large amounts of capital installing, configuring, and maintaining physical security, but fail to ever test their effectiveness. NetSPI’s physical penetration test not only attempts to circumvent targeted physical security controls but also provides a comprehensive checklist of other potential weaknesses an attacker could expose to access the cardholder data environment or other sensitive areas. The physical penetration test provides a list of potential areas of physical security weakness from an attacker’s perspective, as well as corresponding remediation action items.


All secure environments implement preventative and detective controls using a layered approach. Those include physical, administrative, and technical controls that should be taken into consideration when developing a test plan for identifying exploitable security gaps. During our physical penetration test, we work with you to develop a test plan that covers those areas and meets your business needs.

  • Gates, fences, and car barriers
  • Locks (Mechanical and Electronic)
  • Security lighting
  • Camera coverage
  • Window sensors
  • Motion sensors
  • Alarms
  • Network and system security
  • Centralized access control systems
  • Logging and auditing
  • Alerts to third parties
  • Alerts to monitoring dashboards
  • Guard patrol policies and schedules
  • Physical access procedures (Piggy backing and insufficient access procedures)

Physical penetration tests find and exploit the vulnerabilities within a company’s physical controls and barriers. Penetration tests include lock picking doors, hopping fences, piggybacking, bypassing physical access controls, or social engineering. A physical penetration test is a non-invasive, comprehensive assessment of all the physical security controls in place at a facility or location. Depending on client objectives and request for verification, we may employ various Physical Penetration Testing techniques aligned with the desired objectives. These tests should be conducted on high value facilities and locations annually.

Powered by Resolve™

Web application engagements are managed and delivered through Resolve, NetSPI’s vulnerability management and orchestration platform. Resolve elevates your vulnerability management and pentesting program.

Is your organization prepared for a ransomware attack? Explore our Ransomware Attack Simulation service.