A CERT-In Empanelled Auditing Organization
Offensive Security

Wireless Network Testing

Assessment of your Wi-Fi security — encryption strength, rogue and evil-twin access points, and the segmentation between guest and corporate networks.

Overview

Close the door attackers walk through from the car park.

Wireless extends your network beyond your walls. Weak encryption, rogue access points and flat networks that let guest Wi-Fi reach corporate systems are common and easily exploited from nearby.

We evaluate your wireless deployment end to end — authentication and encryption, access-point security, client behaviour and segmentation — to ensure wireless access can’t become a bridge into your core network.

What we test

Focus areas of the assessment.

The core areas we examine in a wireless network testing engagement.

Encryption & authentication

WPA2/WPA3 configuration, enterprise auth and weak pre-shared keys.

Rogue & evil-twin APs

Unauthorised access points and impersonation attacks against clients.

Guest vs corporate segmentation

Whether guest networks can reach internal systems they shouldn’t.

Credential capture & cracking

Capturing and testing the strength of wireless credentials.

Signal leakage & coverage

Coverage spilling beyond your premises and exposing the network.

Who needs this

Could this be what you need?

Common situations where this engagement makes sense.

Offices with corporate Wi-Fi: Risk of wireless entry into internal networks.
Retail & hospitality: Guest networks alongside POS systems.
PCI-scoped environments: Wireless scanning is a PCI requirement.
Manufacturing & warehouses: Large wireless coverage areas.
Healthcare facilities: Connected devices on Wi-Fi.
Multi-site enterprises: Consistent wireless posture.

Regulatory drivers

Why this is required

Wireless networks extend your attack surface beyond your walls and are a named requirement under payment-security standards; regular testing confirms that encryption, authentication and segmentation actually hold.

PCI DSS v4.0 (Req 11.2)
Requires detection of authorised and rogue wireless access points, and testing of wireless security where wireless is in, or connected to, the cardholder data environment.
ISO/IEC 27001:2022
Network security controls extend to wireless access, authentication and segmentation.
RBI / sector expectations
Regulated entities are expected to secure and periodically test wireless access to internal networks.
How we work

A disciplined testing methodology.

A repeatable, standards-based process that balances depth with operational safety.

Scoping & site survey

Identifying in-scope SSIDs, coverage and the wireless environment.

Wireless reconnaissance

Discovering access points, clients and encryption in use.

Encryption & authentication testing

Testing WPA2/WPA3, enterprise auth and key-management weaknesses.

Rogue AP & client attacks

Assessing rogue-AP, evil-twin and client-side exposure.

Segmentation & impact validation

Confirming whether wireless access reaches the internal network.

Reporting & retest

Risk-rated findings, hardening guidance and a verification retest.

What you receive

Deliverables built for every audience.

  • Executive summary: Overview of wireless risk and exposure.
  • Wireless findings report: Each issue with affected SSIDs, CVSS and evidence.
  • Rogue-AP & exposure evidence: Proof of rogue-AP, client and segmentation issues.
  • Hardening recommendations: Practical Wi-Fi and segmentation fixes.
  • Retest report & attestation: Verification of fixes with an attestation letter.

Standards & frameworks

This assessment is aligned to recognised industry methodologies.

PTES, NIST SP 800-115, OWASP, OSSTMM

Checklist

Are you ready? A quick checklist

What to have in place before we begin.

Site address(es) and floor plans
SSIDs in scope (corporate/guest)
On-site testing window agreed
Escort / site access arranged
Enterprise (802.1X) vs PSK noted
Rogue-AP testing permitted
Segmentation expectations defined
Remediation owner identified
FAQ

Common questions

Does wireless testing need to be on-site?
Yes. Wireless testing is inherently location-based — we need to be within range of your access points to assess coverage, encryption, authentication and rogue-device exposure. It is carried out at your premises within an agreed window, and for multi-site estates we schedule each location into a single coordinated programme.
Can you test enterprise (802.1X) Wi-Fi?
Yes. We assess enterprise authentication, including RADIUS and the various EAP methods, looking for weaknesses such as missing server-certificate validation that allow credential theft or evil-twin attacks. We test pre-shared-key networks too, so both your corporate and guest wireless are covered.
Will testing disrupt our Wi-Fi users?
We work to avoid disruption, scheduling any potentially intrusive checks for low-impact windows agreed with you in advance.
Why does PCI require wireless testing?
PCI DSS requires you to detect both authorised and rogue wireless access points that could open an unmonitored path into the cardholder data environment. Even if you don’t deploy Wi-Fi yourself, an employee or attacker could introduce a rogue device, so periodic scanning for unauthorised access points is mandated. We test the wireless controls and rogue-AP detection that satisfy this requirement.
Can you test multiple sites?
Yes. We scope per location and run a coordinated programme across many sites — branch offices, retail outlets or production facilities. Each site is assessed against the same baseline so results are comparable, and we consolidate everything into one report with per-site detail.

Ready to test your wireless network?

Tell us where you are today, and we’ll tailor the engagement to your risk and goals.