What kind of pentest do I need?

A pentest must be done with the right objective and scenarios in order for it to be profitable.

The dimension must be clear in order to find the right one in the multitude of scenarios

The different types of pentests are classified into black box, white box or gray box. But how can this classification help in deciding on the right pentest?

Certain results are given with the type of pentest selected. Depending on which scenario you choose the direction and the result of the pentest are already narrowed down. Other factors that limit the choice of the pentest are the economic benefits (effort, costs) and the realism of the scenarios. The aim should be to optimize both.

Use the scenarios in a targeted manner 

Solutions require priorities; the pentest alone is not enough 

If the pentest has been carried out with the objective and the correct scenarios by the commissioned pentesters, a list of weak points is obtained. However, this mere list does not solve a single problem, and it is still a long way from providing advice. In order to be able to react well to weak points in the company's IT, these must first be prioritized, because of course not all problems can be resolved at once. For this purpose, the risks that are frequent and have a major impact should be prioritized (e.g., with the help of the Eisenhower matrix). A well-sized pentest can for the most part provide this prioritization. The goal should be to fix the most realistic, costly, and business damaging scenarios first. So you have to think about which areas in the company are vulnerable, which of them are particularly important and become aware of the serious dangers and risks you are exposed to. For this it is essential to know your own requirements. 

The most important thing, however, is to act to the results of the pentest and take action. If I remain passive after the pentest and do not change anything in the company in order to ensure more IT security and to close my own security gaps, then even the most comprehensive and cost-intensive pentest is ineffective. 

Your journey with OHB Digital Services 

Use the knowledge from space travel for your business. OHB Digital Services GmbH has been a reliable partner for secure & innovative IT solutions for many years. We are part of one of the most successful space and technology companies in Europe. With our products and services, we support you, among other things, with the digitization of your company processes along the value chain and with all security-related issues. Please contact us. 

Does this sound interesting for you and your company?
Then get in touch with us.