Bulletproof's Network & Infrastructure Penetration Testing is a professional service that conducts authorised simulated attacks on network environments to identify vulnerabilities and evaluate the effectiveness of security controls. Tests are performed by CREST-certified security professionals using real-world tactics, techniques, and procedures (TTPs). The service covers both internal and external network penetration testing. Internal testing models what an attacker could achieve with direct access to the internal network, while external testing assesses how easily systems can be breached with no prior privileges or information. The testing methodology follows industry-standard practices across six phases: scope definition and pre-engagement, intelligence gathering and threat modelling, vulnerability analysis, exploitation, post-exploitation, and reporting. Common vulnerabilities identified include SSL misconfigurations, missing HTTP security headers, outdated libraries/components, SMB signing issues, excessive information disclosure, unnecessary open services, host header injection, outdated third-party software, SSH misconfigurations, and clickjacking. Results are delivered through a comprehensive report with prioritised findings and actionable remediation guidance. Clients also receive access to a testing platform with a prioritised risk dashboard. Each penetration test package includes 12 months of free vulnerability scanning. The service supports compliance requirements including PCI DSS and GDPR.