Pentests
Protect your company from cyber attacks
Vulnerabilities in your systems, components or applications can become a gateway for cyber criminals if they are not detected at an early stage. Data theft, blackmail and system failures, as well as the associated economic damage and loss of trust, are just some of the possible consequences of a successful cyber attack.
A pentest is an IT security measure used to check the security of IT systems, networks and applications. The aim is to identify potential vulnerabilities and points of attack at an early stage before they can be exploited by cyber criminals, using methods and means that real attackers would also use.
As a central element of modern IT security strategies, a pentest not only provides valuable insights into existing vulnerabilities, but also offers a sound basis for targeted protective measures - summarised in the following benefits.
In addition to a purely technical approach, we also offer tests relating to possible physical or human vulnerabilities as part of a holistic approach.
Red Teaming provides a comprehensive, realistic endurance test of your cybersecurity. Our team of security experts acts like real attackers: from inconspicuous reconnaissance to subsequent exfiltration, they test all security-critical phases. They simulate targeted attacks on processes, systems and employees to uncover vulnerabilities that traditional penetration tests often fail to detect. The result: a clear, implementable action plan that strengthens your defence strategies in the long term.
Digital forensics (DFIR) is a central component of modern cyber security and complements penetration tests with the systematic investigation of security incidents. In the event of an attack, forensic analyses make it possible to preserve evidence, extract data and restore critical information. Methods such as network forensics, cloud forensics or IoT forensics help with threat detection, case analysis and investigation. DFIR tools are used to identify IT logs, malware traces and security vulnerabilities in order to prevent future attacks through targeted incident response.
The duration of a pentest depends on various factors. For example, the test object and its complexity, the selected test depth and the procedure determine how many days a pentest takes. As a general rule, the more complex the object to be tested, the more time a corresponding pentest requires.
We would be happy to offer you a non-binding initial consultation.
When it comes to penetration tests, the following applies: after the test is before the test. This means that pentests should always be an integral part of a holistic approach to IT security within a company. As attack methods are constantly evolving, this is the only way to ensure that networks, IT systems, web applications and mobile apps can withstand potential cyber attacks.
In principle, vulnerability scans and penetration tests pursue the same goal: to uncover potential vulnerabilities within the company's IT.
In contrast to penetration tests, however, vulnerability scans are software-supported and fully automated. They therefore provide basic findings regarding potential vulnerabilities and serve as a starting point for more in-depth checks such as penetration tests. However, as vulnerability scanners rely on databases with already known security vulnerabilities, they reach their limits, especially with self-developed applications.
Penetration tests are largely carried out manually by appropriately trained IT security experts. The focus here is primarily on more complex security vulnerabilities and the unauthorised exploitation of certain functions. Companies also receive a test report with specific recommendations for remedial action following the test.
First things first: Penetration tests are generally not aimed at restricting availability. We only carry out denial of service attacks after consultation with the client. Nevertheless, in rare cases it can happen that availability is restricted during the implementation. In general, however, the focus is on identifying vulnerabilities. The risk of an interruption to business operations is kept as low as possible.
Unfortunately, there is no generalised answer to how much a pentest costs. The final cost depends on various factors such as the test object, test configuration and security level. We would be happy to provide you with a free, non-binding quote.
In general, a distinction can be made between external and internal penetration tests.
In an external pentest, the attack on systems and networks is carried out from outside / from the internet and therefore from the perspective of an external attacker. The focus here is on the question of how secure a company is against such attacks.
In an internal pentest, auditors have access to a company's internal infrastructure. This simulates the further actions of attackers who have succeeded in overcoming the external security measures and gaining access to the internal network.
Test object:
Test method:
Starting point:
Before pentests can be carried out, the consent of the company to be tested is absolutely necessary. Without this consent, the test would be a criminal offence. Without prior, comprehensive clarification of the conditions, a pentest would be nothing more than an unauthorised hacker attack that could be punished. The contract concluded must therefore specify all modalities such as test period, test object and test depth.
In addition, only objects that clearly belong to the commissioning company may be inspected. For this reason, it should be clarified in advance which software services, such as cloud services, are not owned by the company so as not to infringe the property rights and/or copyrights of third parties. Alternatively, contractual agreements can be made with existing third-party providers or service providers before carrying out pentests.
The test report is always created by our experts individually and in an easily understandable way (no automatic generation) and contains at least the following information:
Good reasons that speak in our favour