Penetration tests are not an end in themselves. They help to identify organizational and technical security vulnerabilities, in order to then eliminate them by means of efficient countermeasures based on recommendations. Organizations that want sustainably to protect their business as well as make secure their business in terms of information security, and consistently reduce risks would be well advised to perform qualified penetration tests of their IT infrastructure, systems, applications, products or networked solutions.
TÜViT has successfully performed hundreds of penetration tests across different industries. The German Federal Office for Information Security (BSI) has certified TÜViT as an IT security service provider for penetration testing.
Penetration tests can be highly customized to meet the individual needs and requirements of clients. Depending on the respective type of penetration test, for example, the external network access points may be analyzed for security vulnerabilities, including the various web applications. Mobile end devices, data storage media and authentication tokens can also be included, as part of the “lost devices” scenario.
During the performance of penetration tests, our IT security experts follow procedural models from recognized institutions, such as the German Federal Office for Information Security (BSI). To this end, they use a specially developed test platform, the “Distributed Penetration Platform” (DPP). This allows centralized data storage for penetration tests in complex network environments, for example, as well as the performance of parallel tests to increase efficiency.
Classification of penetration tests
Exemplary project schedule
Your benefits at a glance
- identification of specific vulnerabilities (technical, organizational, procedural)
- objective assessment and evaluation of the effectiveness of your IT security measures
- specific recommendations for security measures, in order to eliminate the security vulnerabilities (technical, organizational, procedural)
- increasing the security of critical data, systems and applications
- increasing the efficiency of the mix of technical, organizational and procedural measures
- preparation for an internal or external acceptance procedure, audit or certification
- increasing the security awareness of employees at all hierarchy levels
- verification of the security level by means of a corresponding certificate/seal of quality as verification of trusted status toward supervisory institutions and clients