In this variant, all systems that can be reached via the Internet are subjected to the technical audit. In today's highly networked world, there are many systems that can be accessed via the Internet and are thus naturally exposed to corresponding attacks.

Typical systems are: Email servers, VPN servers, interfaces (API) for mobile services, classic websites and online platforms (e.g. eCommerce, supplier/purchasing platforms, ...) as well as cloud services.

In this variant, the internal systems and local networks are subjected to a technical audit. Typically, many IT systems and applications are operated in these areas, which are sealed off from the outside world. Unfortunately, cyber criminals regularly manage to overcome the external protection mechanisms (e.g., firewall, etc.) of companies and cause considerable damage to internal systems (keyword: cryptolocker).

Typical systems are: Various server systems, Active Directory, file share services, enterprise applications (e.g., SAP, ...) and of course corresponding client systems (e.g. Windows).

The vulnerability assessment represents the absolute basis of every penetration test. Our experts use common standard and highly automated tools. On top of that, CERTAINITY offers validation of the scan results and can thus effectively remove unwanted false positives from the reports. This is an important step as false positives significantly reduce confidence in the scan results. With the help of this assessment, we identify the vulnerabilities in your software and the supporting infrastructure before a compromise can take place. They form the basis for further tests or can serve corresponding compliance requirements.