SERVICE
Safeguarding your Systems Through Penetration Testing
Examine your organization's ability to withstand internal and external attacks through penetration testing. Strengthen your defenses, thwart breaches, and ensure compliance.
WHAT IS THIS
The Art of Penetration Testing for Ultimate Protection
A penetration test, also known as a pen test, is a simulated cyberattack on your computer system to look for exploitable vulnerabilities. When it comes to web application security, penetration testing is typically used as a supplement to a web application firewall (WAF).
Penetration testing can attempt to breach any number of application systems (e.g. application programming interfaces (APIs), frontend/backend servers) to uncover vulnerabilities such as unsanitized inputs, which are susceptible to code injection attacks.
The insights gained from penetration testing can be used to fine-tune your WAF security policies and remediate identified vulnerabilities.
SERVICE
Our Penetration and Security Testing Services at a Glance
Security tests based on the black/grey and white box principles
Security tests from external and internal perspectives
Conducting social engineering campaigns
Security reconnaissance and preparatory activities for a simulated attack
Automatic and manual security scans
Security testing based on the fuzzing principle, using machine learning
Regular security scans for defined systems and system environments
Regular reporting of potential vulnerabilities and misconfigurations
Creation of test plans and organization of tests as part of planned measures
Planning and regular execution of security tests
Assessment of interfaces and potential risks in penetration testing
Preparation of test reports and recommendation of suitable measures to mitigate and eliminate the findings
PACKAGES
Security Testing and Scanning
Security testing and scanning
Reconnaissance
130€ /A Record (*)
Security scan from the Internet
Standard test cases and procedures
Automatic reporting via email
Security testing and scanning
Security scan
680€ /day
Internal and external scan
Standard and specific test cases
Complete audit report
Security testing and scanning
Black box testing
880€ /day
Tool-based testing
Specific test cases
Advice and coordinated approach
(*) A scan covers a DNS A record for a DNS domain.
All data, without exception, is encrypted during transmission and storage and is therefore always protected against unauthorized access. We would be happy to implement further requirements for you as part of an individual project.
PHASES OF A PENETRATION TEST
A Quick Guide to Robust Security
01
Planning
The first phase includes determining the scope and objectives of a test, including the systems to be tested and the test methods to be used, and gathering information (e.g. network and domain names, mail servers) to better understand how a target works and its potential vulnerabilities.
02
Scan
The next step involves assessing how the target application responds to intrusion attempts. Static analysis entails examining an application's code to predict its behavior, which can be done in a single pass. Dynamic analysis involves inspecting an application's code while it runs, providing real-time insights into its performance.
03
Gain Access
In this phase, web applications are tested for vulnerabilities, including cross-site scripting, SQL injection and backdoors. Testers try to exploit these vulnerabilities to understand the damage they could cause, such as data theft and traffic interception.
04
Maintaining Access
The goal of this phase is to determine whether the vulnerability can be exploited to achieve a persistent presence in the exploited system - long enough for a bad actor to gain deep access. The idea is to imitate advanced persistent threats that often linger in a system for months to steal an organization's most sensitive data.
05
Analysis
The penetration test results are summarized in a report covering the vulnerabilities exploited, the sensitive data accessed, and the duration of undetected access. Security personnel analyze this data to configure the WAF and other security measures for vulnerability remediation and future attack prevention.
PENETRATION TESTING METHODS
Exploring Effective Methods for Robust Cyber Security
External Testing
External penetration testing targets a company's assets that are visible on the Internet, such as the web application itself, the company website, and email and domain name servers (DNS). The goal is to gain access and extract valuable data.
Internal Testing
In an internal test, a tester who has access to an application behind the firewall simulates an attack by a malicious insider. This does not necessarily simulate a malicious employee. A common starting scenario may be an employee whose login credentials have been stolen in a phishing attack.
Blind Tests
In a blind test, the tester is only told the name of the company they are targeting. This gives security personnel real-time visibility into the flow of an actual application attack.
Double Blind Testing
In a double-blind test, security personnel have no knowledge of the simulated attack. As in the real world, they don't have time to strengthen their defenses before an attempted break-in.
Targeted Testing
In this scenario, both the tester and security staff work together and keep each other updated on their movements. This is a valuable training exercise that provides a security team with real-time feedback from a hacker's perspective.