Penetration Testing

Attack simulation: efficient and thorough

As a software manufacturer and service provider for information security, we have been offering realistic attack simulations on company infrastructures for many years in order to provide our customers with the best possible protection against real cyber attacks.

In contrast to automated scans, our specialized IT security experts simulate a real attacker during the penetration test: someone who draws on extensive experience, thinks outside the box, and creatively combines functional vulnerabilities and configuration problems.

Penetration Test

Web application

From input validation to API security and configuration management, a web application penetration test evaluates various aspects of a web application’s security to identify vulnerabilities.

Starting point

  • Online portals
  • eCommerce application

Mobile application

When penetration testing mobile apps, particular attention is paid to how an app runs on a mobile device and its operating system. The penetration test focuses on device-specific vulnerabilities, authorizations and data storage.

Starting point

  • Introduction of a new app
  • Customization of an app

Client/Infrastructure

A client and infrastructure penetration test is a targeted and controlled method of evaluating the security of IT systems and networks. Various attack techniques are used in the process. The aim of the tests is to identify vulnerabilities and security risks in a company’s IT infrastructure.

Starting point

  • Compromised device
  • Cloud solution
  • Network access

Reporting

The results of the pentest are summarized in a detailed, structured report. The report describes the identified weaknesses and gives recommendations for their elimination. Individual sections of the report can also be separated out and distributed to those responsible for further processing.

From penetration test to compliance automation

During the penetration test, the findings are mapped in VASGARD/IAN and can therefore be tracked through to resolution. Viewing the results from different perspectives (IT operations vs. management vs. auditor) makes the relevant correlations comprehensible. Security risks are presented across silos. Resulting measures, including responsibilities, can also be recorded and transferred to an existing ticket system. This ensures that findings can be tracked without the need to maintain additional reports and lists.

Penetration test standards

OWASP Web Security Testing Guide

Classification of the BSI

Our penetration tests are classified according to the criteria of the German Federal Office for Information Security (BSI).

Are you interested in our service or do you have any questions?

We will be happy to help you and look forward to hearing from you.
