A penetration test is an organised attack on IT systems or IT applications to identify possible vulnerabilities. Pentests use the same tools and techniques that real attackers would use to break into a system. A penetration test always includes the use of security tools and carrying out manual tests to uncover vulnerabilities. But while a real attacker only needs to find and exploit one vulnerability, a penetration tester checks all relevant attack vectors. A penetration test thus reveals whether a real attacker would be able to infiltrate your IT applications or IT systems.
We specialise in penetration testing for IT systems, web applications, mobile apps and IoT devices. Our approach is based on the OSSTMM specifications as well as the OWASP Testing Guide and, if requested by the client, also complies with the requirements of the PCI DSS. Having a structured approach is one of the most important factors to be able to deliver reproducible results. After completion of the test, you are given a detailed report. The report includes both a management summary and a technical report about all identified vulnerabilities.
Pentests are always a compromise between effort and cost. Successful pentests offer a good balance between these criteria to facilitate the testing of all relevant attacks and attack vectors. The cost of such a test always depends on the time the penetration tester spends and on the extent and complexity of the IT system or web applications. While a penetration test for a small application takes only about a day, it can take several weeks for a large network. However, most tests can be carried out in less than a week.
Binding offers require prior information about the systems and applications that are to be examined. It is important that we get an initial impression of the target. For web applications, for example, test access can be helpful. Any additional information, e.g. the framework etc., can make it easier for us to draft a suitable offer for you. If you need us to pentest an IT system, we will need the corresponding network addresses in advance. In this particular case, we will first perform a non-invasive network scan to get a first look at your network. We will provide a detailed offer once we can estimate the effort required.
Please get in touch with us if you would like to get a formal quote or if you have any questions.
Do you have a question about our service? Do you need a quote? Use our contact form contact form or call us at +49 69 2475607-0.