Penetration Testing (Pentest)

What is a Penetration Test?

A penetration test is a structured attack against IT systems or applications to find security weaknesses and flaws. A pentest uses the same tools and techniques that a real attacker would use to infiltrate your systems. It always combines security tools and manual tests to find and exploit vulnerabilities. Whereas a real attacker only needs to find and exploit a single vulnerability, a penetration tester will check all common attack vectors. A penetration test reveals whether a real attacker would be able to infiltrate your systems.

Our Pentest Approach

We specialize in penetration testing of Web Applications, IT Infrastructures, Mobile Apps and IoT devices. Our penetration testing approach is based on the OSSTMM and the OWASP Testing Guide and also meets the requirements of the Payment Card Industry Data Security Standard. Using a structured approach for penetration testing is a key success factor for getting repeatable results. After we have performed a penetration test, we create a detailed report. This pentest report contains a management summary and a technical description of all identified vulnerabilities.

Pricing of Pentests

Performing a penetration test is always a compromise between its security insight potential and its costs. A typical pentest shows a good balance of these characteristics, delivering very important security insights. The cost of a balanced penetration test is determined primarily by the scope of the application and/or the size of the IT infrastructure, and depends on the time and effort the penetration tester needs to examine the target. Whereas a pentest for a small web application will take approximately a day, penetrating a complex IT infrastructure with multiple servers and applications can take weeks. Nevertheless, most medium-sized web applications can be tested in a week or less.

For a valid estimate, we need information about your web application or infrastructure. Providing some form of access to the web application, so that we can get an impression of its complexity, and basic information about the underlying framework or programming language will help us make you an exact offer. If the penetration test is about an IT infrastructure, you need to send us the corresponding network or IP addresses. In this case we will conduct a simple and non-invasive network scan in order to get a good estimate. After conducting our cost estimation, we will send you a comprehensive offer.

To receive an offer, please get in touch with us. If you have any further questions, please do not hesitate to contact us.

FAQ

Yes, of course. Please contact us for an offer and an example report.
We use a combination of Open Source tools, licensed commercial tools and some tools we developed ourselves, especially for API fuzzing. We do not use the famous Kali Linux anymore, because we ran into serious issues after upgrades. So we are now using plain old Debian Linux as our operating system when performing penetration tests.

Some of our competitors state a list of tools and their versions, but we think this is just some sort of tool bullshit bingo. Of course, we are using nmap & co, but the right set of tools depends on the target and changes during a penetration test.
If you fix vulnerabilities in a timely manner, we will check again for free.

Contact us about Penetration Testing

Do you have questions about our service? Would you like to get an offer? Just get in touch with us. Please use our contact form or call us at +49 69 2475607-0.

Pentest Key Benefits

  • Identifying security vulnerabilities
  • Risk-weighted assessment
  • Detailed report
  • Certified experts