A Workstation Build Review is a security assessment designed to test the devices your staff use to carry out their workload on a day-to-day basis.
The assessment is designed to identify any weaknesses in the specific configuration of a device, or vulnerabilities which may be present and exploitable by unauthenticated or authenticated users.


Workstations can be devices that leave your company’s premises on a regular basis, which means they can be at a greater risk of attack or even theft, and it is important to ensure that any information and data which it contains is protected.

Phishing attacks also target Workstations in an attempt to gain remote access to the device and so ensuring a secure workstation can be essential in managing your company’s overall security profile.

During a Workstation Build Review the configuration and operating system are evaluated to determine if a secure setup has been performed and to ensure there are no weaknesses.

The assessment is designed to pinpoint and rectify any holes within the build and covers patching levels, accessible services, weak credentials, service permissions, logging and auditing, firewall and antivirus configuration as well as registry settings.

As part of our approach, our Penetration Testers use a combination of the most effective automated tools and manual exploitation techniques to identify vulnerabilities across your devices. Our extensive reports provide a thorough assessment of each vulnerability and provide business context alongside each finding.

This is supplemented by technical and non-technical descriptions including evidence of exploitation to assist in prompt remediation activities and provide a thorough understanding of each issue.

A Build & Configuration Review report will allow your business to:

  • Receive assurance around the secure configuration of your organisations Workstations.
  • Make ongoing improvements to a system via specialist support, advice and consultancy.
  • Adhere to regulatory bodies who require Build Reviews to be performed.
  • Gain access to a dedicated team of specialist CREST Registered penetration testers who use the latest tools and techniques to accurately assess and identify emerging threats


1. What is the difference between a Build Review and an Internal Network Test?

An internal network test is designed to review the security of your entire internal network, often from the perspective of an unauthenticated or low privileged user.

A Build Review can focus on individual Workstations, providing a more in-depth assessment against the configuration and stored content against a range of best practices.

2. Why do I need a Build & Configuration Review?

Workstations can be the target of Phishing attacks conducted by attackers over the internet and attacked by both automated tools and determined attackers on a daily basis. Whether it’s for compliance reasons or for peace of mind all organisations should assess and review the security of their Workstations on a regular basis.

3. What devices can I have tested?

Workstations, whether physical or virtual can be assessed as part of a Workstation Build review to ensure a secure configuration has been achieved with no identifiable or exploitable issues.

4. What will I receive after the test has been completed?

The deliverable from any Workstation Build Review is a complete report, detailing and contextualizing each identified vulnerability against your business and relaying the risks that each issue poses to your systems and services.

The report provides a complete description of what each identified issue is, specific remediation advice on how to address the issue, and detailed evidence, wherever necessary to verify the issues impact.