Pentest / Penetration test

Penetration tests uncover vulnerabilities in your IT systems by simulating a real attack - without causing any real damage, of course! On the contrary: with our pentest, we protect you from economic damage and possible operational failures.

A pentest (short for penetration test or penetration testing / pentesting) is a comprehensive security test of individual computers or networks of any size using the means and methods that an attacker would use. With the help of penetration testing, we can check your IT infrastructure for errors and gaps. Our aim is to simulate a realistic attack on your company - for example, by putting ourselves in the shoes of a criminal hacker or internal perpetrator.

With our pentest, we check whether we discover security-critical points in your systems that could be exploited by these actors to steal data or gain access to your IT infrastructure.

Types of pentests differ in terms of target, aggressiveness and scope, among other things. If you're not sure which pentest is right for you or your company, it's worth taking a look at our magazine article.


Would you like more information about pentesting?

Then simply get in touch with our experts.

Nikolas Rösener
Security Expert

The 6 advantages of the pentest

Pentest: Identify

Our team conducts penetration tests in various scenarios, taking into account threats from external and internal actors, and thus reliably identifies the gateways for botnets & ransomware.

Using a methodical approach in accordance with our ethical hacking code and recognized tools, our certified penetration testers will find vulnerabilities in your company before others exploit them. We then help you to stay one step ahead of the hackers through regular reviews or your own vulnerability management!

Depending on the customer, sector and other criteria, we create a plan that suits your company - we coordinate our approach with you in detail.


Our approach to penetration testing

Highly customized pentests for every customer and every industry

With our approach, we have highly individualized customization options for each customer to make the pentest as effective as possible. From a purely passive approach to pure vulnerability analysis to the active exploitation of security gaps, everything is possible. Any security gaps found are documented in detail and evaluated individually depending on the industry and company. In addition, you will receive specific recommendations from us on how the identified security gaps can be remedied.
We take a modular approach here in order to be able to test industry-specific features to a greater extent. While a full system penetration test is highly recommended for a bank, this is not always the case for a 3-man software start-up - an OSINT analysis is recommended in both cases. Together, we can develop a structure for your penetration test that will help you in the long term and, in addition to optimal coverage of relevant and industry-specific security mechanisms, also guarantee customer-specific solutions and realistic implementation proposals.
It is important to us that our pentest solution is tailored to you, your company and your industry and can be realistically implemented.

An overview of the modules commonly used in penetration testing by OHB Digital Services.

IT security to the highest standards

Our certified IT security experts / penetration testers work according to the highest aerospace standards and the standards of the German Federal Office for Information Security (BSI).

Over the years, we have adapted our procedure to be customer-friendly and transparent. You have full control over what we are allowed to test, at what times and with what aggressiveness.

This enables us to ensure that you can carry out your work without any problems and that our tests run smoothly.


What comes after the penetration test?

A pentest is a snapshot in time. With digitalization constantly advancing in all industries, systems remain susceptible to security vulnerabilities. Hardware ages, systems need to be updated and people need regular training.

We therefore offer regular staff training, both actively as a workshop and passively via a phishing simulation. This simulation is particularly suitable for documenting the current level of knowledge and progress. We send realistic phishing emails with typical characteristics that a trained eye would recognize. This procedure is known as social engineering and is usually the first step taken by an active attacker with the aim of penetrating a system. Attackers can use social engineering to obtain information such as passwords and other sensitive data - and the statistics show that they do! The number of phishing attempts has been rising sharply for years. Especially since the COVID-19 pandemic and the shift to working from home, this topic has never been more relevant.

Awareness is therefore one of the big issues of our time. It is no longer enough to have a firewall, a spam filter or a security officer. Employees must be actively trained and at the same time, the level of knowledge of each employee must be regularly checked to ensure that they do not pose a security risk. The pressure to act has increased enormously here.

"Regular pentests, reviews of defensive measures and awareness workshops are essential for anyone who wants to be safe on the road, just like the general inspection of a vehicle."

FAQ: Pentest

In our opinion, no automated pentest tool can currently replace a qualified penetration tester. So-called "Dynamic Application Security Testing" tools (DAST tools for short) or vulnerability scanners are often touted and advertised as a cost-effective alternative to professional pentesting. Due to the wide range of programming languages and technologies, the increasing complexity of application logic, the large number of application areas and the lack of standardization in the dialog processes between client and server, you should not rely exclusively on pentest tools or vulnerability scanners these days.

DAST tools can certainly be used as a supplement for certain vulnerabilities or in build environments. However, these tools are unsuitable as a panacea and should therefore primarily be used as support.

There are no laws in Germany that directly oblige a company or authority to carry out a penetration test. There are only regulations on (1) the security and availability of data relevant under tax and commercial law, (2) the handling of personal data and (3) the establishment and design of an internal control system. Companies are obliged to take measures to ensure the availability, confidentiality and integrity of the relevant data. The measures taken are checked at regular intervals to ensure that the systems meet the legal requirements. Pentests are used here, among other things.

A pentest is designed to identify any existing vulnerabilities and exploit them safely. As the client, you must expect that your IT systems may be impaired or that irregularities in business operations may occur. Under certain circumstances, this can be avoided or minimized by using development or integration environments. We therefore plan the necessary measures before the pentest in order to keep potential disruptions to a minimum. For example, it may be useful for you to provide an employee to monitor the penetration test and inform us if we need to stop the pentest. We may also make (additional) data backups and draw up a contingency plan if this is not already in place. If the so-called white box approach is chosen for the pentest, additional information or a contact person for the pentester must be provided. You can find out more about the types of pentest and the white-box approach here.

Benefit from best practices in cyber security from over 30 years of experience in the development of highly secure satellite systems.

Contact us for a non-binding consultation on the topics of vulnerability analysis, awareness training or phishing simulation!
