Every company has a unique IT infrastructure and different applications. Accordingly, it needs specifically designed security testing. Our penetration testers are proficient in the most advanced hacking methods, which are also used by cyber criminals. We love the challenge in the cyber security field and systematically analyze everything that is networked: be it an application, cloud, control or production system (ICS: SCADA/DCS), security system, IoT device, aircraft, power plant or train.
Penetration tests, also known as pentests, use suitable means and methods to uncover existing vulnerabilities. Whether it is an unauthorized intrusion into systems, opportunities to manipulate data or insecure applications – a pentest uncovers security flaws. A report is then drawn up to show where and what the risks are.
In a security assessment, the configuration of the system and the operational handling of the system are assessed in addition to the penetration test. While penetration tests primarily examine the technical aspects of systems or applications, security assessments also cover procedural and organizational issues. A security assessment provides a more comprehensive view of the security level of the test objects. Any deviations and the associated risks are documented in a report.
The configuration review checks the configuration of the system for security-relevant settings. Hardening guidelines and standard frameworks are used in particular to create target/actual comparisons. However, it can also be carried out in another form, such as joint workshops or walk-throughs. This involves identifying deviations from implementation or security concepts, for example. The deviations and the associated risks are explained in a report.
High quality is ensured in penetration testing projects through proven and standardized procedures and with additional optional modules:
Kick-off meeting: Together we define the process, deadlines, prerequisites and the readiness for testing.
The next steps depend on the project type, the scope, and the depth of testing. These points are defined in a joint scoping meeting before the offer is prepared.
Reporting: Once the test activities have been completed, you will receive a customized and detailed final report. This will include a management summary, the project objectives, the general framework conditions, the findings (security gaps including risk categorization) and the recommended measures.
Final meeting (optional): At a final meeting, the results are presented and the findings and measures are explained in detail.
Penetration testing services are based on standards such as OWASP and OSSTMM. Various approaches can be selected:
A penetration test is important to verify the security of applications, IT systems, networks and much more. By simulating attack scenarios, potential vulnerabilities and security gaps are identified before they are exploited by malicious hackers. This enables companies to implement targeted security measures, improve their cyber resilience, and minimize risks.
A penetration test usually involves several steps. After defining the system that is to be tested and kicking off the project, a comprehensive analysis of the test object and surrounding infrastructure is first carried out to identify potential points of attack. This is followed by the use of various tools and techniques to find any vulnerabilities. The results are validated, documented and summarized in a report. The final report contains the identified vulnerabilities, their risk assessments and recommendations for improvement measures.
The frequency of penetration testing depends on various factors, such as the type of infrastructure, the size of the organization and the changing threat landscape. Generally, it is recommended to perform penetration tests on a regular basis to identify new vulnerabilities and to ensure that security measures are being implemented effectively. For critical systems, it is recommended to perform a pentest at least once a year or when significant changes are made to the infrastructure.
Put simply, a penetration test is about finding weaknesses and red teaming is about exploiting weaknesses. In addition, penetration tests are usually limited to technical vulnerabilities, whereas red teaming also involves organizational vulnerabilities. For more information, see our blog article «The Differences Between Penetration Test and Red Teaming».
Every day, companies around the world rely on our expertise. This is confirmed by our statistics in addition to our long-standing customers.