Penetration Test

We recommend a penetration test for systems with critical and sensitive data. These must be specially protected; automated security tests that identify known security gaps are not sufficient here.

With our combination of predominantly manual and customized automated tests, we also identify previously unknown configuration and programming errors.

Penetration test procedure

Planning:

Each penetration test is individual. We can recommend suitable procedures for different scenarios. We can provide you with experts in all areas, from white to grey to black box tests, server infrastructure and applications.

We go through the following points with you:

  • What is the test object?
  • Who is informed?
  • Which test is planned, e.g. Black Box or White Box Test?
  • Coordinating the timing of the tests
  • Depth of testing: are vulnerabilities only identified, or also exploited in a proof of concept?
  • Who gets which test results?

Basis of the Penetration Tests:

The tests are based on recognized security standards. In addition, we can carry out these tests on the basis of your specific requirements arising from your business.

The best-known standards in this area are:

  • PCI DSS (Payment Card Industry Data Security Standard)
  • BSI Guide to IT Security Penetration Testing
  • HIPAA (Health Insurance Portability and Accountability Act)
  • BaFin (Federal Financial Supervisory Authority) IT security regulations
  • OWASP (Open Web Application Security Project) Testing Guide
  • PTES (Penetration Testing Execution Standard)
  • OSSTMM (Open Source Security Testing Methodology Manual)

Test cases

Web applications:

Here we check your web application for possible vulnerabilities, such as those described in the OWASP Top Ten (in their current form).

  • Unauthorized access to restricted areas
  • Takeover of the web server as a springboard for further attacks
  • Takeover of your web application with the aim of specifically publishing false information
  • Unauthorized tapping of data
  • Manipulation of data

Infrastructure:

  • Checking your network interfaces from the inside and outside
  • Checking your server operating systems for possible weak points and points of attack
  • Testing these entry points and installing possible backdoors
  • Attacks on your firewall
  • Finding and identifying potential entry points into your network over the Internet
  • Penetrating locked areas in your internal network

WLAN:

With WLANs, it is often overlooked that they do not end at the office boundaries but are often visible from public areas, and thus represent a potential risk.

  • Finding all accessible WLANs
  • Search for unwanted WLANs via Smartphone or Tablet
  • Attempts to break into the protected WLANs
  • Attempt to break into your internal network via unsecured guest networks

Report

With our report you will receive a management summary including an evaluation of the security level. We usually deliver our reports in a format that is unalterable and protected against unauthorized access.

In addition, you will receive a description and mitigation recommendations for each identified vulnerability. If we have agreed on a specific report in advance, we will of course take this into account.

We also deliver our reports only to the agreed group of people.

Follow-up

We see our reports as input. We try to find solutions together with you in order to convert the experiences from the penetration test into automated tests. These can then already be used during the development or design phase of a product.

We will also be happy to hold a workshop with your employees after a penetration test, in which we will explain the security gaps and present possible countermeasures.

As an additional service, we can set up a security monitoring system for you so that your critical systems can be monitored regularly and automatically in the future.

After our experts have created the monitoring, we pass on the required knowledge to your employees in a workshop so that they can evaluate and classify the results and, if necessary, adapt the tests to future requirements.

Contact us today and request more information.


Tip: Book the imbus Expert Day Security and you will receive a risk assessment and recommendations for action in a compact half-day workshop!

NEW: Take part in one of the imbus Security Testing Days in Rhineland or Rhine-Main.

The dates and registration for the Security Testing Days can be found here.

Are you interested in our security services, or do you have further questions? Feel free to contact us by e-mail.
