Comprehensive Security Testing for IT/OT systems, Applications and Cloud

Every company has a unique IT infrastructure and different applications. Accordingly, it needs specifically designed security testing. Our penetration testers are proficient in the most advanced hacking methods, which are also used by cyber criminals. We love the challenge in the cyber security field and systematically analyze everything that is networked: be it an application, cloud, control or production system (ICS: SCADA/DCS), security system, IoT device, aircraft, power plant or train.

Penetration tests, also known as pentests, use suitable means and methods to uncover existing vulnerabilities. Whether it is an unauthorized intrusion into systems, opportunities to manipulate data or insecure applications – a pentest uncovers security flaws. A report is then drawn up to show where and what the risks are.

In a security assessment, the configuration of the system and the operational handling of the system are assessed in addition to the penetration test. While penetration tests primarily examine the technical aspects of systems or applications, security assessments also cover procedural and organizational issues. A security assessment provides a more comprehensive view of the security level of the test objects. Any deviations and the associated risks are documented in a report.

The configuration review checks the configuration of the system for security-relevant settings. Hardening guidelines and standard frameworks are used in particular to create target/actual comparisons. However, it can also be carried out in another form, such as joint workshops or walk-throughs. This involves identifying deviations from implementation or security concepts, for example. The deviations and the associated risks are explained in a report.

Your Advantages at a Glance

  • Security tests of any networked components and systems possible
  • Systematic identification of technical vulnerabilities and security gaps
  • Recommendations for specific hardening measures and additional tips to increase cyber resilience
  • Combination of semi-automatic vulnerability scans and manual testing
  • Manual verification of security vulnerabilities
  • Scoping prior to offer preparation to define exact scope
  • Fulfillment of compliance requirements
  • Documentation and presentation tailored to the target group

Our Penetration Testing Approach

High quality is ensured in penetration testing projects through proven and standardized procedures and with additional optional modules:

 

Our Oneconsult Penetration Testing Apprach

Kick-off meeting: Together we define the process, deadlines, prerequisites and the readiness for testing.

The next steps depend on the project type, the scope, and the depth of testing. These points are defined in a joint scoping meeting before the offer is prepared.

Reporting: Once the test activities have been completed, you will receive a customized and detailed final report. This will include a management summary, the project objectives, the general framework conditions, the findings (security gaps including risk categorization) and the recommended measures.

Final meeting (optional): At a final meeting, the results are presented and the findings and measures are explained in detail. 

Methods & Options for a Penetration Test

Penetration testing services are based on standards such as OWASP and OSSTMM. Various approaches can be selected:

  • White, grey or black box approach: You provide us with a lot, only a little or (almost) no information about the test object in advance.
  • Authenticated/unauthenticated: Test from an internal perspective with access data (authenticated) or external perspective, without access data.
  • Outside/Inside: Tests from the Internet (outside) or from the internal network (inside).
  • Assume Breach: This approach assumes that attackers already have access to a system. It checks whether they can access other systems, sensitive data or higher-privileged user accounts.

Why Oneconsult Is Your Specialist for Penetration Testing

  • We have been offering penetration testing as our core competence for over 20 years.
  • Our penetration testers and our security consultants have the most recognized certifications in the cyber security industry: OSCP, PSCP, OPST, OSCE, OSWE, GXPN, OPSA, PECB and more!
  • We use renowned test methods to identify vulnerabilities and security gaps.
  • We are guided by internationally recognized methods such as ISECOM OSSTMM, OWASP (OWASP, ASVS, OWASP Top10), CVSS, MITRE Attack Framework, NIST and CIS Benchmarks.
  • Passion for cyber security: We love what we do – work in a structured way and enjoy sharing our knowledge.
  • We set ourselves the highest quality standards and believe that we can only successfully combat cyber threats with teamwork – together against cyberattacks.

Get a Penetration Testing Quote Now

Frequently Asked Questions (FAQs) About Penetration Testing

A penetration test is important to verify the security of applications, IT systems, networks and much more. By simulating attack scenarios, potential vulnerabilities and security gaps are identified before they are exploited by malicious hackers. This enables companies to implement targeted security measures, improve their cyber resilience, and minimize risks.

A penetration test usually involves several steps. After defining the system that is to be tested and kicking off the project, a comprehensive analysis of the test object and surrounding infrastructure is first carried out to identify potential points of attack. This is followed by the use of various tools and techniques to find any vulnerabilities. The results are validated, documented and summarized in a report. The final report contains the identified vulnerabilities, their risk assessments and recommendations for improvement measures.

The frequency of penetration testing depends on various factors, such as the type of infrastructure, the size of the organization and the changing threat landscape. Generally, it is recommended to perform penetration tests on a regular basis to identify new vulnerabilities and to ensure that security measures are being implemented effectively. For critical systems, it is recommended to perform a pentest at least once a year or when significant changes are made to the infrastructure.

Put simply, a penetration test is about finding weaknesses and red teaming is about exploiting weaknesses. In addition, penetration tests are usually limited to technical vulnerabilities, whereas red teaming also involves organizational vulnerabilities. For more information, see our blog article «The Differences Between Penetration Test and Red Teaming».

Confirmed by Our Statistics

Every day, companies around the world rely on our expertise. This is confirmed by our statistics in addition to our long-standing customers.

0

Application (Mobile) 
Penetration Test Projects

0 +

Penetration Test 
Projects per year

0

ICS (SCADA / DCS) 
Penetration Projects

Don’t miss anything! Subscribe to our free newsletter.

Your security is our top priority – our specialists provide you with professional support.

Availability Monday to Friday 8:00 a.m. – 12:00 p.m. and 1:00 p.m. – 5:30 p.m (exception: customers with SLA – please call the 24/7 IRR emergency number).

Private individuals please contact your trusted IT service provider or the local police station.

For more information about our DFIR services here:

QR_CSIRT_2022_EN@2x
Add CSIRT to contacts