Penetration Testing (Pentest)

What is a penetration test?

A penetration test is an organised attack on IT systems or IT applications to identify possible vulnerabilities. Pentests use the same tools and techniques that real attackers would use to break into a system. A penetration test always includes both the use of security tools and manual tests to uncover vulnerabilities. But while a real attacker only needs to find and exploit one vulnerability, a penetration tester checks all relevant attack vectors. A penetration test thus reveals whether a real attacker would be able to infiltrate your IT applications or IT systems.

Our pentest approach

We specialise in penetration testing for IT systems, web applications, mobile apps and IoT devices. Our approach is based on the OSSTMM specifications as well as the OWASP Testing Guide and, if requested by the client, also complies with the requirements of the PCI DSS. Having a structured approach is one of the most important factors to be able to deliver reproducible results. After completion of the test, you are given a detailed report. The report includes both a management summary and a technical report about all identified vulnerabilities.

Cost of pentests

Pentests are always a compromise between effort and cost. Successful pentests offer a good balance between these criteria to facilitate the testing of all relevant attacks and attack vectors. The cost of such a test always depends on the time the penetration tester spends and on the extent and complexity of the IT system or web applications. While a penetration test for a small application takes only about a day, it can take several weeks for a large network. However, most tests can be carried out in less than a week.

Binding offers require prior information about the systems and applications that are to be examined. It is important that we get an initial impression of the target. For web applications, for example, test access can be helpful. Any additional information, such as the framework, can make it easier for us to draft a suitable offer for you. If you need us to pentest an IT system, we will need the corresponding network addresses in advance. In this particular case, we will first perform a non-invasive network scan to get a first look at your network. We will provide a detailed offer once we can estimate the effort required.

Please get in touch with us if you would like to get a formal quote or if you have any questions.

FAQ

Of course. Please contact us for a quote and a sample report.
We use a combination of open source tools, licensed commercial tools and tools that we have developed ourselves, especially for API fuzzing. We no longer use the well-known Kali Linux due to major issues after upgrading. Instead, we are using good old Debian Linux as our OS to perform penetration tests.

Some competitors publish lists of the tools they use and their versions. In our opinion, though, this is merely window dressing: of course we use tools like nmap, but the right toolset depends on the target and also varies during the pentest.
If you fix the vulnerabilities within a reasonable amount of time, we would be glad to retest at no additional cost.

Contact us for penetration testing

Do you have a question about our service? Do you need a quote? Use our contact form or call us at +49 69 2475607-0.

Pentests: Your benefits

  • Identification of vulnerabilities
  • Risk-weighted assessment
  • Detailed report
  • Certified security experts