Penetration test
Almost every IT user is now aware that attacks on the IT infrastructure take place in their own company on a daily basis. Even today, apparently less attractive destinations are no longer stopped, because the weakest link in the system chain is extremely interesting as a gateway for hackers. For this reason, especially companies that work with networked IT systems should regularly carry out IT security tests that have been developed to uncover current attack possibilities.
A best practice is that Penetration test to determine the attack potential on the entire IT infrastructure, an individual IT system or a (web) application. In the results report, any weaknesses found are categorized, prioritized and information on how to eliminate them is given. Upon request, the penetration testers also try to actively exploit weak points in order to carry out and document a break-in possibility in practice.
Target systems for a penetration test are:
- Server and storage systems (database server, web server, file server, application server, domain controller, etc.)
- Clients (desktop PCs, notebooks, tablets, smartphones, etc.)
- Web applications (website, case processing, web shop)
- Wireless networks (WLAN, Bluetooth, proprietary radio connections)
- Network coupling elements and security gateways (routers, switches, firewalls, IDS / IPS systems)
- Industrial plants (ICS, SCADA)
- Telecommunication systems
- Infrastructure facilities (access control mechanisms, building control)
- IoT devices
Our approach
Depending on the customer’s requirements, we can provide information about the systems without any further information Black box tests by. However, it turns out to be more effective Whitebox test , in which the customer provides us with as much information as possible about the systems to be attacked in advance. The most common compromise between implementation effort and provision of information is Greybox test where the customer only provides us with basic information for the attack.
For a penetration test in the internal infrastructure, we carry out the test on site or remotely via an analyzer box developed by us, which is integrated into the customer’s network and can be controlled by us via a secure VPN during the execution period.
You can find a diagram of the process here: Pentest representation .
Make an appointment for a consultation. Together we will find the right solution for you.