Ethical hacking: closing vulnerabilities before others find them
Due to increasing mechanization, companies today are exposed to various threats, such as industrial espionage, internal attacks or denial-of-service attacks. Penetration tests (pentests for short) represent an important tool for the timely detection and closure of security vulnerabilities in order to protect sensitive company data.
In a penetration test, our employees systematically test your network, Active Directory, web application or other IT system for vulnerabilities and simulate the actions of an attacker. A penetration test thus enables us to provide realistic assessments of the vulnerability of your systems and the effectiveness of the installed defense mechanisms.
In consultation with you, we systematically check the systems for typical vulnerabilities. Each finding is documented and evaluated to subsequently help you close these security gaps.
In doing so, we proceed according to proven standards and methodologies, such as the OWASP Top 10 or the BSI guidelines on penetration tests. It goes without saying that absolute secrecy and discretion prevail.
Fields of Application
Depending on the scope and the target, we distinguish between different types of penetration tests:
- In an infrastructure test, we examine your entire company or a critical sub-area and check all services, servers and endpoints in a network for security vulnerabilities, be it Windows PCs, Linux servers, wireless interfaces or IP cameras.
- If you use a web service or operate a website, we test it and its interfaces for possible security vulnerabilities in a web application test and ensure that the opportunities for an attack to cause damage are reduced.
- Finally, desktop apps are also susceptible to specific security vulnerabilities and should be subjected to penetration tests if they interact with interfaces or process sensitive data.
Our tests are carried out according to the blackbox, greybox or whitebox principle. A blackbox test simulates an external attacker who has no prior or insider knowledge about a target. In greybox and whitebox tests, the simulated attacker has more information about the target, or is even provided with source code. We are glad to advise you and find the right model for your use case.
Phases of a penetration test
- Vulnerability scans
- Infrastructure testing
- Pentests of web and desktop applications
- Checking your Active Directory for vulnerabilities and misconfigurations
- Execution of blackbox, greybox and whitebox pentests
- Clear report with evaluation and description of all findings and concrete recommendations for action