Wi-Fi Pentesting

Wi-Fi Pentesting

Wireless technology remains a weak spot in many infrastructures. A Wi-Fi penetration test, or pentest, will reveal wireless weak points, exploit the vulnerabilities and provide clear advice on how to mitigate the risks to an acceptable level.

WiFi and other wireless technologies such as Bluetooth, 2G/3G/4G and Zigbee or WirelessHart in the industrial domain, remain a weak point in many infrastructures. Some wireless technologies can be easily disrupted or taken over, even remotely. Secura has developed specific testing protocols for such technologies. Combined with physical access testing or site surveys, knowing the susceptibility of your wireless infrastructure to attack is an important aspect of becoming more resilient. Secura will investigate on-site if the Wi-Fi (wireless) networks are adequately secured. For this, Secura will use laptops with IEEE 802.11a/b/g/n/ac/ax-network adapters and test access points.

How We Test

Secura will intercept and analyze traffic of available wireless networks. In this phase, it will be determined if the traffic is encrypted and how it is encrypted. If it is unencrypted, Secura will analyze the content of the traffic to determine if it belongs to the customer’s network and if it contains sensitive and/or useful information.

Only Wi-Fi networks that are positively attributable to our customers are subjected to the tests.

After a Wi-Fi security test, Secura will be able to answer the following questions:

  • Which Wi-Fi networks are available?
  • What security measures are in place and are they sufficient?
  • Is it possible to access internal systems through a public/guest Wi-Fi network?
  • Is it possible to access other guests systems through the public/guest Wi-Fi network?
  • Can traffic be intercepted and decrypted?

When we encounter networks that should be segregated, we will investigate whether they are configured correctly to prevent connections between the networks. Secura will identify vulnerabilities on the access points and attempt to exploit these.

A typical example would be a situation where Secura investigates possibilities of breaking out of a guest network into the office automation network, of if guests can attack each other’s system.

When a weaker encryption technology is used, Secura will attempt to exploit known vulnerabilities or weaknesses and crack the Wi-Fi key.

If Secura is requested to also check the security of the implemented security measures for authorized users, we should be provided with the correct login credentials. This way we can connect to the Wi-Fi network, just like a normal user would, using passwords and certificates.

Additional tests we can perform:

  • How are users separated from each other?
  • Can information sensitive areas of the office automation network be reached?

I'd like to know more about Wi-Fi Pentesting



Secura is a leading cybersecurity expert. Our customers range from government and healthcare to finance and industry worldwide. Secura offers technical services, such as vulnerability assessments, penetration testing and red teaming. We also provide certification for IoT and industrial environments, as well as audits, forensic services and awareness training. Our goal is to raise your cyber resilience.

Secura is a Bureau Veritas company. Bureau Veritas (BV) is a publicly listed company specialized in testing, inspection and certification. BV was founded in 1828, has over 80.000 employees and is active in 140 countries. Secura is the cornerstone of the cybersecurity strategy of Bureau Veritas.

Related Services

CLOUD Pentesting

Article image

A Cloud penetration test (or pentest) assesses the strong and weak points in cloud-based systems to improve the overall cloud security level.

Hardware / IoT Pentesting

Article image

Hardware, firmware and (cloud dwelling) backends are all targets for attackers and often not very well understood. Secura can test all these aspects, and also apply reverse engineering and firmware hacking techniques to find out which weaknesses exist.

Infrastructure Pentesting

Article image

External, internet visible IT systems are attacked daily. It is therefore often required to test these systems periodically or when significant changes are applied.

Industrial Vulnerability Assessment / Pentest

Article image

Within industrial environments, cybersecurity testing requires a specialized approach. This is mainly due to the different risks and threat models within Operational Technology (OT).