What is a pentest?

A penetration test (short: pentest) is a comprehensive security test for either individual computers or even networks of any size with the means and methods that an attacker would use. With the help of a pentest, we can check your IT infrastructure for flaws and gaps. Our goal is to simulate a realistic attack on your company - for this we put ourselves in the position of a criminal hacker or insider, for example.

We check whether we discover security-critical flaws in your systems that could be exploited by these actors to steal data or gain access to your IT infrastructure.

Types of pentests differ, among other things, in terms of their goal, aggressiveness or scope. If you are not sure which pentest is the right one for you or your company, it is worth reading our magazine article.

Pentest: Red Teaming

Our red team carries out pentests in various scenarios, takes threats from external and internal actors into account, and thus reliably identifies the gateways for botnets and ransomware.

Using a methodical approach in accordance with our ethical hacking code and using recognized tools, our certified experts find the weaknesses in your company before others exploit them. We will then help you to stay ahead of the hackers through regular reviews or vulnerability management!

Depending on the customer, industry, and other criteria, we create a plan that suits your company – and of course we coordinate our approach with you in detail.

Benefit from best practices in cyber security from over 30 years of experience in the development of highly secure satellite systems.

 

Contact us for a non-binding consultation about pentests, awareness or phishing!

A well-engineered system -

Highly individual for each customer

With our approach, we have highly individual customization options for each customer in order to make the pentesting as effective as possible. From a purely passive approach or a pure vulnerability analysis to the active exploitation of security gaps, everything is possible. Any security gaps we find are precisely documented and individually assessed depending on the industry and company.

We take a modular approach to be able to test industry-specific properties more intensively. While a full system pentest is urgently recommended for a bank, this is not always the case with the 3-man software startup – though, an OSINT analysis is recommended in both cases at the same time. In this way, we can work out a structure for your pentest together that will help you in the long term and in addition to optimal coverage of relevant and industry-specific security mechanisms, also ensure customer-specific solutions and realistic implementation proposals.

 

It is important to us that our solution is tailored to you, your company and your industry and can be realistically implemented.

 

IT security by highest standards

Our certified IT security experts work according to the highest space standards and the standards of the Federal Office for Security and Information Technology (BSI).

Over the years, we have adapted our approach to customer-friendliness and transparency. You have full control over what we are allowed to test, at what times and with what aggressiveness.

In this way we can ensure that you can carry out your work without any problems and that our tests run smoothly.


Pentest - and then?

A pentest is a snapshot. The steadily advancing digitization in all industries is always prone to security gaps. Hardware ages, systems need updates and people have to be trained regularly. We offer regular staff training, both actively as a workshop and passively via phishing simulation. This simulation is particularly suitable for documenting the current state of knowledge as well as the progress. We send realistic phishing emails with typical features that a trained eye would recognize. This procedure is called social engineering and is usually the first step of an active attacker who aims to break into a system. With social engineering, attackers can obtain information such as passwords and other sensitive data - and the statistics show: they exploit this! The number of phishing attempts has been increasing rapidly for years. Especially since Corona and home office this topic is more relevant than ever.

Awareness is therefore one of the big issues of our time. It is no longer enough to have a firewall, a spam filter, or a security officer. Employees must be actively trained and at the same time the level of knowledge of each employee must be checked regularly to ensure that they do not pose a safety risk. The pressure to act has increased enormously here.

"Regular penetration tests, reviews of defensive measures and awareness-workshops are essential for everyone who wants to stay safe. Just like the general inspection for your vehicle."

IT pioneer Nikolas Rösener - security expert at OHB Digital Services 

Does this sound interesting for you and your company? Then get in touch with us.