What is a pentest?
A penetration test (short: pentest) is a comprehensive security test for either individual computers or even networks of any size with the means and methods that an attacker would use. With the help of a pentest, we can check your IT infrastructure for flaws and gaps. Our goal is to simulate a realistic attack on your company - for this we put ourselves in the position of a criminal hacker or insider, for example.
We check whether we discover security-critical flaws in your systems that could be exploited by these actors to steal data or gain access to your IT infrastructure.
Types of pentests differ, among other things, in terms of their goal, aggressiveness or scope. If you are not sure which pentest is the right one for you or your company, it is worth reading our magazine article.
![[Translate to English:] Red Team Logo - Security Color Wheel](/fileadmin/it-security/Security-Color-Wheel-red.png "[Translate to English:] Red-Team-Logo")
Pentest: Red Teaming
Our red team carries out pentests in various scenarios, takes threats from external and internal actors into account, and thus reliably identifies the gateways for botnets and ransomware.
Using a methodical approach in accordance with our ethical hacking code and using recognized tools, our certified experts find the weaknesses in your company before others exploit them. We will then help you to stay ahead of the hackers through regular reviews or vulnerability management!
Depending on the customer, industry, and other criteria, we create a plan that suits your company – and of course we coordinate our approach with you in detail.
With our approach, we have highly individual customization options for each customer in order to make the pentesting as effective as possible. From a purely passive approach or a pure vulnerability analysis to the active exploitation of security gaps, everything is possible. Any security gaps we find are precisely documented and individually assessed depending on the industry and company.
We take a modular approach to be able to test industry-specific properties more intensively. While a full system pentest is urgently recommended for a bank, this is not always the case with the 3-man software startup – though, an OSINT analysis is recommended in both cases at the same time. In this way, we can work out a structure for your pentest together that will help you in the long term and in addition to optimal coverage of relevant and industry-specific security mechanisms, also ensure customer-specific solutions and realistic implementation proposals.
![[Translate to English:] ASC](/fileadmin/_processed_/b/e/csm_allianz-fuer-cyber-sicherheit_e0ba127982.png "[Translate to English:] Allianz für Cyber-Sicherheit Teilnehmer")
Our certified IT security experts work according to the highest space standards and the standards of the Federal Office for Security and Information Technology (BSI).
Over the years, we have adapted our approach to customer-friendliness and transparency. You have full control over what we are allowed to test, at what times and with what aggressiveness.
In this way we can ensure that you can carry out your work without any problems and that our tests run smoothly.
Pentest - and then?
A pentest is a snapshot. The steadily advancing digitization in all industries is always prone to security gaps. Hardware ages, systems need updates and people have to be trained regularly. We offer regular staff training, both actively as a workshop and passively via phishing simulation. This simulation is particularly suitable for documenting the current state of knowledge as well as the progress. We send realistic phishing emails with typical features that a trained eye would recognize. This procedure is called social engineering and is usually the first step of an active attacker who aims to break into a system. With social engineering, attackers can obtain information such as passwords and other sensitive data - and the statistics show: they exploit this! The number of phishing attempts has been increasing rapidly for years. Especially since Corona and home office this topic is more relevant than ever.
Awareness is therefore one of the big issues of our time. It is no longer enough to have a firewall, a spam filter, or a security officer. Employees must be actively trained and at the same time the level of knowledge of each employee must be checked regularly to ensure that they do not pose a safety risk. The pressure to act has increased enormously here.