What is a penetration test?

Secure software-based systems with penetration testing!

Penetration testing (also known as pentesting) refers to the manual testing of software-based systems and IT systems for security vulnerabilities. Almost every security vulnerability found is exploited in order to simulate real attacks on the system and thus build a picture of the overall security of the company or product.

We recommend penetration testing for systems containing critical and sensitive data. These require special protection, and automated security tests that identify known security vulnerabilities are not sufficient in this case.

With our combination of predominantly manual and customized automated tests, we also identify unknown configuration and programming errors.

How does a penetration test work at imbus?

Planning:

Each penetration test is individual. We can recommend procedures for different scenarios, and we can provide you with experts in all areas, from white to grey to black box tests, server infrastructure and applications.

We go through the following points with you:

  • What is the test object (e.g., an application, website, software, embedded system, etc.)?
  • Who is informed?
  • Which test is planned, e.g. black box or white box test?
  • When will the tests take place?
  • Depth of testing: are vulnerabilities only identified, or also exploited in a proof of concept?
  • Who will receive which test results?

Basis of the Penetration Tests:

The tests are based on recognized security standards. In addition, we can carry out these tests on the basis of your specific requirements arising from your business.

The best-known standards in this area are:

  • PCI DSS (Payment Card Industry Data Security Standard)
  • BSI Guide to IT Security Penetration Testing
  • HIPAA (Health Insurance Portability and Accountability Act)
  • BaFin (Federal Financial Supervisory Authority) IT security regulations

General standards must also always be taken into account. The best known are:

  • OWASP (Open Web Application Security Project) Testing Guide
  • PTES (Penetration Testing Execution Standard)
  • OSSTMM (Open Source Security Testing Methodology Manual)
  • BSI Guide to IT Security Penetration Testing

The specified standards state exactly what is to be tested, but every company has its own requirements and specifications. Thanks to our many years of experience, we have not only set our own standards, but also think beyond them. As experts, we know how to test your test object most effectively, so that you get the best possible cost-benefit ratio.

Test scenarios

Web applications:

Here we check your web application for possible vulnerabilities, such as those described in the OWASP Top Ten (in their current form).

  • Unauthorized access to restricted areas
  • Takeover of the web server as a springboard for further attacks
  • Takeover of your web application with the aim of specifically publishing false information
  • Unauthorized tapping of data
  • Manipulation of data

Infrastructure:

  • Checking your network interfaces from the inside and outside
  • Checking your server operating systems for possible weak points and points of attack
  • Testing these entry points and installing possible backdoors
  • Attacks on your firewall
  • Finding and identifying potential entry points into your network over the Internet
  • Penetrating locked areas in your internal network

WLAN:

It is often overlooked that WLAN networks do not end at the office boundaries, but are often visible from public areas and thus represent a potential risk.

  • Finding all accessible WLANs
  • Searching for unwanted WLANs via smartphone or tablet
  • Attempts to break into the protected WLANs
  • Attempts to break into your internal network via unsecured guest networks

Report

With our report you will receive a management summary including an evaluation of the security level. We usually deliver our reports in a format that is unalterable and protected against unauthorized access.

In addition, you will receive a description and mitigation recommendations for each identified vulnerability. If we have agreed on a specific report in advance, we will of course take this into account.

We also deliver our reports only to the agreed group of people.

Pro tip:

There are hidden risks in Wi-Fi guest networks.
Never leave your guest networks unsecured, and change your passwords regularly!

How is the follow-up to penetration tests handled?

We see our reports as input. We work with you to find solutions that turn the lessons learned from the penetration test into automated tests. These can then be used as early as the development or design phase of a product.

We will also be happy to hold a workshop with your employees after a penetration test, in which we will explain the security gaps and present possible countermeasures.

As an additional service, we can set up a security monitoring system for you so that your critical systems can be monitored regularly and automatically in the future.

After our experts have created the monitoring, we pass on the required knowledge to your employees in a workshop so that they can evaluate and classify the results and, if necessary, adapt the tests to future requirements.

Contact us today and request more information.