A Server Build Review is a security assessment designed to test the devices your organisation use to provide business critical functionality and services on a day to day basis.
The assessment is designed to identify any weaknesses in the specific configuration of a device, or vulnerabilities which may be present and exploitable by unauthenticated or authenticated users.


Servers can be setup to be public or private, providing key business functionality to your staff members and clients. Servers can also be the storage location of a wealth of sensitive information utilised by a number of people on a day to day basis.

This can make each server a prime target for any potential attacker who may gain access to the device through a multitude of potential attack vectors.

Ensuring the continuity of both your functionality and also the security of your data, both at rest and in transit, should be an important consideration for safeguarding your organisation.

During a Server Build Review the configuration and operating system are evaluated to determine if a secure setup has been established and to ensure there are no identifiable weaknesses.

The assessment is designed to pinpoint and rectify any holes within the build and covers patching levels, accessible services, weak credentials, service permissions, logging and auditing, firewall and antivirus configuration as well as registry settings.

As part of our approach, our Penetration Testers use a combination of the most effective automated tools and manual exploitation techniques to identify vulnerabilities across your devices. Our extensive reports provide a thorough assessment of each vulnerability and provide business context alongside each finding.

This is supplemented by technical and non-technical descriptions including evidence of exploitation to assist in prompt remediation activities and provide a thorough understanding of each issue.

A Build & Configuration Review report will allow your business to:

  • Receive assurance around the secure configuration of your organisations Servers.
  • Make ongoing improvements to a system via specialist support, advice and consultancy.
  • Adhere to regulatory bodies who require Build Reviews to be performed.
  • Gain access to a dedicated team of specialist CREST Registered penetration testers who use the latest tools and techniques to accurately assess and identify emerging threats


1. What is the difference between a Build Review and an Internal Network Test?

An internal network test is designed to review the security of your entire internal network, often from the perspective of an unauthenticated or low privileged user.

A Build Review can focus on individual Servers, providing a more in-depth assessment against the configuration and stored content against a range of best practices.

2. Why do I need a Build & Configuration Review?

Servers can be the target of both external and internal attacks, conducted by attackers over the internet or positioned within your organisation. Whether it’s for compliance reasons or for peace of mind all organisations should assess and review the security of their Servers on a regular basis.

3. What devices can I have tested?

Servers, whether physical or virtual can be assessed as part of a Server Build review to ensure a secure configuration has been achieved with no identifiable or exploitable issues.

4. What will I receive after the test has been completed?

The deliverable from any Server Build Review is a complete report, detailing and contextualizing each identified vulnerability against your business and relaying the risks that each issue poses to your systems and services.

The report provides a complete description of what each identified issue is, specific remediation advice on how to address the issue, and detailed evidence, wherever necessary to verify the issues impact.