SERVICE

Safeguarding your Systems Through Penetration Testing

Examine your organization's ability to withstand internal and external attacks through penetration testing. Strengthen your defenses, thwart breaches, and ensure compliance.

WHAT IS THIS

The Art of Penetration Testing for Ultimate Protection

A penetration test, also known as a pen test, is a simulated cyberattack on your computer system to look for exploitable vulnerabilities. When it comes to web application security, penetration testing is typically used as a supplement to a web application firewall (WAF).

Penetration testing can attempt to penetrate any number of application systems (e.g. application programming interfaces (APIs), frontend/backend servers) to uncover vulnerabilities, such as unsanitized inputs that are vulnerable to code injection attacks.

The insights gained from penetration testing can be used to fine-tune your WAF security policies and remediate identified vulnerabilities.

SERVICE

Our Penetration and Security Testing Services at a Glance

Security tests based on the black/grey and white box principles

Security tests from external and internal

Conducting social engineering campaigns

Security reconnaissance and preparatory activities for a simulated attack

Automatic and manual security scans

Security testing based on the fuzzing principle, using machine learning

Regular security scans for defined systems and system environments

Regular reporting of potential vulnerabilities and misconfigurations

Creation of test plans and organization of tests as part of planned measures

Planning and regularly conducting security tests

Assessment of interfaces and potential risks in penetration testing

Preparation of test reports and recommendation of suitable measures to mitigate and eliminate the findings

PACKAGES

Security Testing and Scanning

Security testing and scanning

Reconnaissance

130€ /A Record (*)

Security scan from the Internet

Standard test cases and procedures

Automatic reporting via email

Security testing and scanning

Security scan

680€ /day

Internal and external scan

Standard and specific test cases

Complete audit report

Security testing and scanning

Black box testing

880€ /day

Tool-based testing

Specific test cases

Advice and coordinated approach

(*) A scan contains a DNS A record for a DNS domain.

All data, without exception, is encrypted during transmission and storage and is therefore always protected against unauthorized access. We would be happy to implement further requirements for you as part of an individual project.

PHASES OF A PENETRATION TEST

A Quick Guide to Robust Security

01

Planning

The first phase includes determining the scope and objectives of a test, including the systems to be tested and the test methods to be used, and gathering information (e.g. network and domain names, mail servers) to better understand how a target works and its potential vulnerabilities.

02

Scan

The next step involves assessing how the target application responds to intrusion attempts. Static analysis entails examining an application's code to predict its behavior, which can be done in a single pass. Dynamic analysis involves inspecting an application's code in real-time while it runs, providing real-time insights into its performance.

03

Gain Access

In this phase, web applications are tested for vulnerabilities, including cross-site scripting, SQL injection and backdoors. Testers try to exploit these vulnerabilities to determine the damage they could cause, such as data theft and traffic interception.

04

Maintaining Access

The goal of this phase is to determine whether the vulnerability can be exploited to achieve a persistent presence in the exploited system - long enough for a bad actor to gain deep access. The idea is to imitate advanced persistent threats that often linger in a system for months to steal an organization's most sensitive data.

05

Analysis

The penetration test results are summarized in a report covering the exploited vulnerabilities, the sensitive data accessed, and the duration of undetected access. Security personnel analyze this data to configure the WAF and other security measures for vulnerability remediation and future attack prevention.

PENETRATION TESTING METHODS

Exploring Effective for Robust Cyber Security

External Testing

External penetration testing targets a company's assets that are visible on the Internet, such as the web application itself, the company website, and email and domain name servers (DNS). The goal is to gain access and extract valuable data.

Internal Testing

In an internal test, a tester who has access to an application behind the firewall simulates an attack by a malicious insider. This does not necessarily simulate a malicious employee. A common starting scenario may be an employee whose login credentials have been stolen in a phishing attack.

Blind Tests

In a blind test, the tester is only told the name of the company they are targeting. This gives security personnel real-time visibility into the flow of an actual application attack.

Double Blind Testing

In a double-blind test, security personnel have no knowledge of the simulated attack. As in the real world, they don't have time to strengthen their defenses before an attempted break-in.

Targeted Testing

In this scenario, both the tester and security staff work together and keep each other updated on their movements. This is a valuable training exercise that provides a security team with real-time feedback from a hacker's perspective.