A penetration test is a structured attack against IT systems or applications to find security weaknesses and flaws. During a pentest the same tools and techniques are used, which a real attacker would use to infiltrate your systems. It is always a combination of security tools and manual tests to find and exploit a vulnerability. Whereas a real attacker only needs to find and exploit a single vulnerability, a penetration tester will check all common attack vectors. A penetration test reveals if a real attacker would be able to infiltrate your systems.
We specialize in penetration testing of Web Applications, IT Infrastructures, Mobile Apps and IoT devices. Our penetration testing approach is based on OSSTMM and OWASP Testing Guide and also meets the requirements of the Payment Card Industry Data Security Standard. Using a structural approach for penetration testing is a key success factor to get repeatable results. After we performed a penetration test, we will create a detailed report. This pentest reports will contain a management summary and a technical description of all identified vulnerabilities.
Performing a penetration test is always a compromise between its security insight potential and its costs. A typical pentest shows a good balance of these characteristics, delivering very import security insights. The cost of a balanced penetration test is determined primarily by the scope of application and/or size of the IT infrastructure, and depends on the penetration tester's time-effort to examine his target. Whereas a pentest for a small web application will take approximately a day, penetrating a complex IT infrastructure with multiple servers and applications can take weeks. Nevertheless most medium-sized web applications can be tested in a week or less.
For a valid estimate we need information about your web application or infrastructure. Providing some form of access to the web application to get an impression of its complexity and providing basic information about the underlying framework or programming language will help us making you an exact offer. If the penetration test is about an IT infrastructure, you need to send us the corresponding network or IP addresses. In this case we will conduct a simple and non-invasive network scan in order to get a good estimate. After conducting our cost estimation you will receive a comprehensive offer.
To make you an offer, please get in touch with us. If you have any further question, please do not hesitate to contact us.
Do you have questions about our service? Do you like to get an offer? Just get in touch with us. Please use our contact form or call us +49 69 2475607-0.