
Penetration Testing
A penetration test (pentest) is a systematic testing process to assess the current IT security level of computer systems. The general goal is to discover as many security vulnerabilities as possible in your organization's technical systems in the shortest possible time.
In the practical execution of a penetration test, there are a few different variations that have a strong influence on complexity, probability of success and, of course, the costs. We are happy to advise you on the choice of individual parameters to find the optimal approach to achieve your goals.
External systems
In this variant, all systems that can be reached via the Internet are subjected to the technical audit. In today's highly networked world, there are many systems that can be accessed via the Internet and are thus naturally exposed to corresponding attacks.
Typical systems are: Email servers, VPN servers, interfaces (API) for mobile services, classic websites and online platforms (e.g. eCommerce, supplier/purchasing platforms, ...) as well as cloud services.
Internal systems
In this variant, the internal systems and local networks are subjected to a technical audit. Typically, many IT systems and applications are operated in these areas, which are sealed off from the outside world. Unfortunately, cyber criminals regularly manage to overcome the external protection mechanisms (e.g., firewall, etc.) of companies and cause considerable damage to internal systems (keyword: cryptolocker).
Typical systems are: Various server systems, Active Directory, file share services, enterprise applications (e.g., SAP, ...) and of course corresponding client systems (e.g. Windows).
Vulnerability Assessment
The vulnerability assessment represents the absolute basis of every penetration test. Our experts use common standard and highly automated tools. On top of that, CERTAINITY offers validation of the scan results and can thus effectively remove unwanted false positives from the reports. This is an important step as false positives significantly reduce confidence in the scan results. With the help of this assessment, we identify the vulnerabilities in your software and the supporting infrastructure before a compromise can take place. They form the basis for further tests or can serve corresponding compliance requirements.
With a penetration test from CERTAINITY, you can preventively identify technical security gaps in your IT systems. For the detected security problems, you receive corresponding solution proposals and recommendations with which you can sustainably increase your IT security level and measurably reduce your risks.
Make an individual appointment to discuss your questions and objectives with the experts at CERTAINITY. We will be happy to advise you on the choice of individual parameters to find the optimal approach to achieve your goals. |
In case of emergency, you can reach our experts of the CERTAINITY Computer Emergency Response Team (CERT) at CERT@certainity.com or call us:
GERMANY: +49-800-CERTAIN (+49-800-2378246)
AUSTRIA/Rest of Europe: +43-664-888 44 686