Attack simulation: efficient and thorough
As a software manufacturer and service provider for information security, we have been offering realistic attack simulations on company infrastructures for many years in order to provide our customers with the best possible protection against real cyber attacks.
In contrast to automated scans, our specialized IT security experts simulate a real attacker during the penetration test, who thinks outside the box with a lot of experience and creativity and creatively combines functional vulnerabilities and configuration problems.
Web application
From input validation to API security and configuration management, a web application penetration test evaluates various aspects of a web application’s security to identify vulnerabilities. We base our implementation on the current Web Security Testing Guide (WSTG).
Starting point
- Online portals
- eCommerce application
Mobile application
When penetration testing mobile apps, particular attention is paid to how an app runs on a mobile device and its operating system. The penetration test focuses on device-specific vulnerabilities, authorizations and data storage.
Starting point
- Introduction of a new app
- Customization of an app
Client/Infrastructure
A client and infrastructure penetration test is a targeted and controlled method of evaluating the security of IT systems and networks. Various attack techniques are used in the process. The aim of the tests is to identify vulnerabilities and security risks in a company’s IT infrastructure.
Starting point
- Compromised device
- Cloud solution
- Network access
Reporting
The results of the pentest are summarized in a detailed, structured report. This describes the identified weaknesses and recommendations for their elimination. Individual sections of the report can also be separated out and distributed to those responsible for further processing.
From penetration test to compliance automation
Once a pentest has been completed, the results can be mapped in VASGARD/IAN and tracked until the solution is found. By viewing the results from different perspectives (IT operations vs. management vs. auditor), the relevant correlations become comprehensible. Security risks are presented across silos. Resulting measures, including responsibilities, can also be recorded and transferred to an existing ticket system. This ensures that findings can be tracked without the need to maintain additional reports and lists.
