core competence - ethical hacking
A penetration test is a simulated attack on networks, applications, interfaces or devices. As opposed to real-life attacks, it is not intended to cause any harm but acts as a method to detect vulnerabilities and secure infrastructure. In the course of those attack simulations, experts are able to identify weaknesses and at the same time propose mitigations to improve security.
We pursue a risk-based approach: as a first step, perimeter systems with a direct connection to the internet are evaluated, as they are exposed to the broadest range of threat actors. The next steps include targeted testing of internal networks or core applications to reduce the overall attack surface as far as possible.
To achieve a sustainable effect, penetration tests should be performed recurrently. That way it can be ensured that previously identified vulnerabilities have been mitigated and that no new weaknesses were introduced in the meantime.
When performing security audits, we rely heavily on manual work. While tools are used to automate certain recurring tasks, all results are manually verified by a seasoned security expert. Depending on customer requirements, a proof-of-concept may be developed for the exploitation of vulnerabilities if deemed necessary.
Penetration Testing - Portfolio
Web Application Testing
Web applications are usually available to a larger audience, be it via the internet or via an internal network. As such, they are often exposed and constitute a significant risk. A contributing factor is that web applications are usually created with a focus on rapid development and a comfortable user experience, so security aspects are frequently overlooked or neglected.
A penetration test is an important tool to identify and prioritize risks, and it allows for targeted, risk-based allocation of resources for mitigation efforts. Improve the security of your websites, online shops or web portals and help to protect your customers' and your own data!
Application interfaces are part of almost any modern application and provide crucial functionality for exchanging and retrieving data. At the same time, they present a potential security risk: communication between applications takes place at this point, which makes it a vulnerable spot.
We assess APIs for security-relevant aspects such as proper implementation of access controls or defences against injection attacks. Only a well-secured API ensures that your authorized users obtain correct datasets while others do not.
No matter whether you release a mobile application for marketing, to facilitate company processes or develop a product for the end-user - the way the application is secured reveals a lot about the importance of IT security in your business.
A penetration test allows you to identify potential weaknesses and thereby prevents misuse of customer data. It helps protect your company's reputation and shows that you handle security issues responsibly.
Infrastructure Penetration Testing
The IT infrastructure is the backbone of every organisation and a popular target for threat actors. Customer Wi-Fi, VPN servers for remote workers or internet-facing servers - they are all in the attackers' crosshairs.
By uncovering vulnerabilities, a penetration test helps to mitigate weaknesses in the infrastructure. That way you can secure it before data is lost, systems become unavailable or stored information is manipulated.
Possible Approaches for Penetration Tests
Black Box Approach
In this scenario we test a system of which we have no prior knowledge. We have neither access to the source code nor any background information about its architecture. This approach is often chosen for web applications and best reflects the situation a real-world attacker finds himself in. However, the effort required for such a test is comparatively extensive and it is harder to gain a holistic overview of the tested system.
Grey Box Approach
The most crucial information about the target system has been exchanged. For instance, this includes the URL of the application and user login information that represents different user roles. The grey box test is the most effective way to examine your application. Because extensive information research is not needed, as it is in the black box test, more attention can be paid to the detection and exploitation of security vulnerabilities.
White Box Approach
For the white box approach, the tester has knowledge of all details about a target system. Such an assessment includes, among other things, a review of source code and an audit of architecture and infrastructure. While being the most accurate, this approach is also the one associated with the most extensive effort.
Free project consultation
Tell us about your plans and we will discuss the best solutions for the implementation of your project. After the very first meeting, we will present you with realistic project deadlines and a calculation of costs.
Trust us with your project and you can expect a competent and professional service. We know our qualities and abilities. See for yourself, starting with the first interview.