We test your IT for vulnerabilities and risks

The penetration test is a technical security review with which we identify and evaluate vulnerabilities - in a defined scope such as networks, systems and applications. In this way, we also find complex security problems and show you clear and effective countermeasures. In addition, we help you, for example, to use container technologies securely and check the corresponding implementation. We also support you in testing the hardening of your systems (Windows, Linux, macOS) or your Cloud infrastructure.

Would you like to expose your entire company to a simulated attack instead? Then our Attack Simulation is right for you.

Selected references on the subject

Our Services

  • Web applications

    Business success is, in many ways, built on smooth and secure applications. We help you to identify and systematically address vulnerabilities that may impair your security. To do this, we perform active tests in the role of the attacker. Source code reviews are also available as an additional option. Our web penetration tests include the OWASP Top 10 and other application-specific risks. Besides regular tests, we recommend specific security trainings for your developers.

  • Mobile apps

    The business world would now be inconceivable without mobile applications (apps). They are often used to handle sensitive data which can be accessed through backend components. We check the security of individual apps and their matching backends. Our tests include the OWASP Top 10 and other application-specific risks. Besides regular tests, we recommend specific security training for your developers.

  • IoT & hardware

    The Internet of Things (IoT), especially in combination with cloud-based solutions, is growing rapidly and opening up a world of new opportunities. IoT devices and their requirement to work with modern cloud environments place additional challenges on security. We assist you in ensuring the security of IoT from the concept to the security verification of hardware components, from the update strategy to the JTAG interface.

  • Networks & cloud infrastructures

    Whether traditional on-premises networks, software-defined networking (SDN) or multi-cloud infrastructures: data is constantly on the move and is exchanged between different systems. A stable and secure network with all its distributed components enables this exchange. We check that only authorized persons can access sensitive connections and data and that data, systems and resources are adequately protected.

  • Network & infrastructure services

    Network and infrastructure services such as Active Directory (AD) / EntraID, IAM, DNS, PKI or container technologies form the backbone of every network, both on-premises and in the cloud, and enable the standardization and flexibilization of the ICT landscape. Each new component demands new security requirements and increases the complexity of the entire ecosystem. We help you to check the use and interaction of your network and infrastructure services from a technical perspective and identify attack vectors not only in the individual components, but also in the interaction of all components.

  • System hardening

    Secure provisioning of applications is built around the operating system. We review whether your operating system (Windows, MacOS, Linux) is adequately hardened and therefore consistent with the necessary security level. In addition we can also support you in hardening your cloud environment based on platforms like Microsoft Azure, Amazon Web Services (AWS) and Cloud Computing Services (GCP).

Proven methods and standards

Our fundamental approach to penetration testing is based on the internationally recognised penetration testing execution standard (PTES). This makes all steps traceable and transparent for you.

In addition to PTES as a methodology, our security testers apply other best practices and standards on a topic-by-topic basis. For example, we test web applications on request according to the OWASP top 10 or the OWASP Testing Guide.

Why your company benefits from a penetration test

  • Identify technical vulnerabilities and risks
  • Receive a comprehensible summary of results for management level
  • Assessment in your business context, not a generic risk assessment
  • Detailed documentation of each risk for quick and targeted action
  • The results allow conclusions to be drawn about the maturity of operational processes (e.g. change and patch management)