A pentest (short for "penetration test", also called "penetration testing" or "pentesting") is a comprehensive security test of individual computers or networks of any size using the means and methods that an attacker would apply. With the help of penetration testing, we can check your IT infrastructure for any vulnerabilities and shortcomings. Our goal is to simulate a realistic attack on your company. To do this, we put ourselves in the shoes of a criminal hacker or inside perpetrator, for example.
With our pentest, we determine whether there are any security-critical vulnerabilities in your systems that could be exploited to steal data or gain access to your IT infrastructure.
There are different types of pentests that differ in terms of target, aggressiveness or scope, among other things. If you are not sure which pentest is right for you or your company, it is worth taking a look at our magazine article.
- Detection of existing vulnerabilities at an early stage to prevent financial loss
- Fulfillment of compliance requirements such as ISO 27001, PCI DSS or GDPR (DSGVO)
- Decision support for optimizing your own IT security
- Objective assessment of existing risk potential
- 30 years of experience in the development of highly secure satellite systems and external accreditation under ISO 27001
- Maximum transparency and traceable documentation of identified vulnerabilities
Our Red Team carries out pentests in various scenarios, incorporates internal and external threats and thus reliably identifies gateways for botnets and ransomware.
Using a methodical approach in accordance with our ethical hacking code and applying recognized tools, our certified experts find the vulnerabilities in your company before others can exploit them. We will then help you to stay ahead of the hackers through regular reviews or vulnerability management!
Depending on the customer, industry, and other criteria, we create a plan that suits your company – and of course we coordinate our approach with you in detail.
With our approach, we have highly individualized customization options to make the pentest as effective as possible for each customer. Everything is possible - such as a solely passive approach, pure vulnerability analysis or the active exploitation of security gaps. Any security vulnerabilities that are detected are documented in detail and individually evaluated in the light of your industry and company. In addition, you will receive specific recommendations from us on how the security gaps that have been identified can be remedied.
We take a modular approach so that we can pay greater attention to industry-specific factors. While a full-scale system penetration test is highly recommended for a bank, it is not always necessary for a 3-person software start-up - at the same time, an OSINT analysis is advisable in all cases. Together, we can structure your penetration test to help you in the long term and ensure optimum coverage of relevant and industry-specific security mechanisms as well as customer-specific approaches and proposals for realistic implementation.
We attach importance to tailoring our pentest solutions to your needs, and to those of your company and your industry, while ensuring that it can be realistically implemented.
Our certified IT security experts work in accordance with the highest space standards and the standards of the Federal Office for Information Security (BSI).
Over the years, we have adapted our approach to enhance customer-friendliness and transparency. You have full control over what we are allowed to test, at what times and with what level of aggressiveness.
In this way we can ensure that you can carry out your work without any problems and that our tests run smoothly.
A pentest is a snapshot in time. The constant advances in digitization in all industries heighten exposure to security gaps. Hardware ages, systems need updates and people require regular training.
That's why we offer regular staff training, both actively in a workshop and passively via phishing simulation. This simulation is particularly suitable for documenting the status quo. In this case, we send realistic phishing e-mails with typical characteristics that a trained eye would recognize. Phishing of this kind is a form of social engineering, which is usually the first step taken by an active attacker who is seeking to penetrate a system. Social engineering allows attackers to obtain information such as passwords and other sensitive data - and statistics show that they are successful in doing so! The number of phishing attempts has been rising sharply for years. This risk has never been more relevant, particularly since Covid and the move towards working from home.
Awareness is therefore one of the top priorities of our times. It is no longer enough to have a firewall, a spam filter or a security officer. Employees must be actively trained, and at the same time the level of knowledge of each employee must be regularly checked to ensure that he or she does not pose a security risk. The need to act has increased enormously in this regard.