Every company has a unique IT infrastructure and different applications, and therefore requires a specially customized security audit. Our team of penetration testers is highly skilled in the latest attack methods used by cybercriminals. We conduct comprehensive penetration tests to systematically analyze all networked components, including applications, cloud environments, control or production systems (ICS: SCADA/DCS), security systems, IoT devices, aircraft, power plants, or trains.
Penetration tests, also known as pentests, use suitable means and methods to uncover existing vulnerabilities. Whether it is an unauthorized intrusion into systems, opportunities to manipulate data or insecure applications – a pentest uncovers security flaws. A report is then drawn up to show where and what the risks are.
In a security assessment, the configuration of the system and the operational handling of the system are assessed in addition to the penetration test. While penetration tests primarily examine the technical aspects of systems or applications, security assessments also cover procedural and organizational issues. A security assessment provides a more comprehensive view of the security level of the test objects. Any deviations and the associated risks are documented in a report.
The configuration review checks the configuration of the system for security-relevant settings. Hardening guidelines and standard frameworks are used in particular to create target/actual comparisons. However, it can also be carried out in another form, such as joint workshops or walk-throughs. This involves identifying deviations from implementation or security concepts, for example. The deviations and the associated risks are explained in a report.
We assess all types of connected components, systems, and applications – from traditional IT environments to IoT and OT systems.
Technical security weaknesses are systematically detected, manually verified, and prioritized.
Our reports include concise management summaries and concrete hardening measures with estimated effort.
Before the project begins, we define the exact test scope together – ensuring maximum relevance and cost transparency.
Our tests help you meet regulatory requirements (e.g., TLPT/DORA) and follow recognized standards such as OWASP and OSSTMM.
With our practical recommendations, you strengthen your defenses and increase your organization’s overall resilience.
Our penetration testing services cover a wide range of areas, including application testing, network/security infrastructure testing, client/server infrastructure testing, cloud security testing, and IoT & OT security testing. Each service is designed to identify, validate, and prioritize security vulnerabilities so that you can protect your business from these potential threats. Our experts combine in-depth expertise with innovative methods and state-of-the-art technology to test the security of your systems. This minimizes the risk of vulnerabilities remaining undetected or even being exploited maliciously. Learn more about our services and how we can help you achieve your security goals.
High quality is ensured in penetration testing projects through proven and standardized procedures and with additional optional modules:
Together we define the process, deadlines, prerequisites and the readiness for testing.
The next steps depend on the project type, the scope, and the depth of testing. These points are defined in a joint scoping meeting before the offer is prepared.
Once the test activities have been completed, you will receive a customized and detailed final report. This will include a management summary, the project objectives, the general framework conditions, the findings (security gaps including risk categorization) and the recommended measures.
At a final meeting, the results are presented and the findings and measures are explained in detail.
Penetration testing services are based on standards such as OWASP and OSSTMM. Various approaches can be selected:
Together we define the process, deadlines, prerequisites and the readiness for testing.
The next steps depend on the project type, the scope, and the depth of testing. These points are defined in a joint scoping meeting before the offer is prepared.
Test from an internal perspective with access data (authenticated) or external perspective, without access data.
Tests from the Internet (outside) or from the internal network (inside).
This approach assumes that attackers already have access to a system. It checks whether they can access other systems, sensitive data or higher-privileged user accounts.
Discover hidden security vulnerabilities with our penetration tests before attackers can exploit them. Protect your IT, OT, and cloud systems with hands-on assessments conducted by our experts.
Availability Monday to Friday 8:00 a.m. – 6:00 p.m (exception: customers with SLA – please call the 24/7 IRR emergency number).
Private individuals please contact your trusted IT service provider or the local police station.
For more information about our DFIR services here:
Don’t miss anything! Subscribe to our free newsletter.
