Penetration Testing

What is a penetration test?

A penetration test (pentest for short) or also known as pentesting is a comprehensive security test of individual computers, servers and/or networks of any size as well as web applications.
The tester is able to exploit the security vulnerabilities in the existing system(s) and use appropriate methods to penetrate without authorization.

This type of testing is becoming more and more important in times of increasing digitalization.
With the help of a pentest, the vulnerabilities or security holes are revealed throughout the entire critical IT infrastructure.

Why is a penetration test important?

For companies of any industry, regardless of the number of employees or the size of the IT infrastructure, a penetration test is important. As these IT security checks provide information about existing security gaps and vulnerabilities.
Such vulnerabilities can lead, for example, to identity theft, general theft of sensitive data and the theft of money.

Furthermore, the pentest determines how the existing IT infrastructure reacts to possible attacks, whether sensitive data could be stolen and if Trojans and viruses could be introduced.

The final reports by our specialists provide clear results on the current security status of the infrastructure, the exact potential for improvement and where there is a general need for action. We will be happy to advise you on this in advance.

Is a penetration test risky?

No.
In penetration testing, the goal is not to compromise applications, steal data, or disable IT infrastructure, but to uncover vulnerabilities and find security holes.

The tests are performed by our, qualified personnel, who have years of professional expertise in the field of pentesting.
In addition, our pentesters have numerous qualifications such as CEH, OSCP, CISA and others.

How long does a penetration test take?

The duration of a penetration test can range from days to weeks.

The actual duration varies depending on the size of the company, the complexity of the IT infrastructure, the type of penetration test and the final reporting. Please feel free to contact us for an individual quote or further questions.

What are the different types of penetration tests?

There are three main types of penetration tests: black-box, grey-box and white-box.

Black-Box
In a black-box pentest, our specialist (pentester) has no information about the company's IT infrastructure.
The typical procedure of a cyber attack is imitated and an attempt is made to penetrate the infrastructure. Usually, the IT department in the company is not informed about the test in order to simulate an attack that is as close to reality as possible. A black-box network test is therefore the most detailed and realistic assessment of the security systems and, accordingly, the most time-consuming.

Grey-Box
In a grey box test, the penetration tester has the access rights of an internal user, thus knows the system and uses this user account to perform the test.
Grey-box pentests are suitable for targeted security analysis because the testers can already act with prior knowledge without having to penetrate the infrastructure externally, as previously described for the black-box test.

White-box
In a white-box pentest, the tester works with the company's internal IT department and already has extensive knowledge of the infrastructure.
By looking at all systems, many vulnerabilities can be uncovered, but often the link to real threats, as in the black-box test, is not given.

We would be happy to discuss with you which of the listed penetration tests is suitable for you. Please contact us via the contact form or send us an email.

How do I book a pentest?

You are welcome to contact us by email, phone or via our contact form or book a free initial analysis. Our team will contact you as soon as possible.

Free initial analysis

FAQ

What is penetration testing and its types?

Penetration testing, or pen testing, is a practice of ethical hacking deployed by companies that wish to put the performance of their cybersecurity teams and tools under scrutiny. Pen testing can be performed by in-house experts or by employing external ethical hackers.

Pen testing types are categorized by target, and by approach. In terms of target, pentesting types include network services, web applications, social engineering, client-side, wireless, and physical penetration testing. In terms of approach, the most common types of penetration testing include black box, white box, blue team, and red team pen tests.

What is black box and white box testing?

In black box testing, an authentic hacking attempt is orchestrated. The attacking team needs to pass through all the usual stages, including reconnaissance, infiltration, establishing a foothold, and finding exploitable weaknesses. The authenticity of black box network penetration testing is equal to a real cyber-attack, which makes this approach ideal for companies that want to test the full performance of their system’s defenses. Black box testing is the opposite of white box testing in which the attackers are given precise information about system vulnerabilities, operating tools, and the personnel guarding the system.

What is blue team testing?

Blue team testing is often called in-house penetration testing. The blue team consists of individuals that are protecting the company’s assets. They evaluate and defend an organization’s security from red teams. These red teams play the role of attackers by identifying security vulnerabilities and launching attacks within a controlled environment. Both teams combine to reveal and strengthen the true state of an organization’s security. The main disadvantage of blue team testing is that the team needs to perform an array of different tasks, which means that there is more room for error.

What is red team testing?

Red box testing is linked to network penetration testing performed by licensed penetration testers, which are typically referred to as the ‘red team’. In red team testing, the blue team is not aware of the existence of the red team. The attackers are free to decide which tools they will use and which vulnerabilities they will try to exploit. The blue team is supposed to catch them in their efforts and prevent them from infiltrating the system. The purposes of red team testing are many, but the end goals are to determine the competency of the blue in-house team, and evaluate the performance of the current cybersecurity defences.

What is Pentest used for?

What does pen testing look for?

In a complex penetration testing operation, the pen test would look for:

Exploitable connectivity issues, such as open ports or unpatched applications
Injection vulnerabilities through DoS attacks
Encryption flaws with ransomware or spyware
The efficiency of the internal team through spyware

Ethical hackers do not simply flood the system with every virus and malware they find. A pentesting session is orchestrated and executed by professionals that probe numerous types of cybersecurity defenses before launching a specific attack.

What is an example of penetration testing?

A textbook example of penetration testing revolves around a company employing an ethical hacker to collect data from its system. The hacker is only given the name of the website and deploys spyware to infiltrate. In a more complex scenario, the hacker would initially fail and deploy botnets instead. Whether the hacker fails or succeeds, they submit a report to the employer about discovered vulnerabilities.

How long is pen testing?

What does a PenTest cost?

The cost of a pen testing operation depends on numerous factors, including the size of the company, the experience of the teams, and more importantly, desired effects.

Probing a system’s defenses is typically not as expensive as launching an all-out attack with a mission to overcome all barriers. The size of the company affects the size of the team that needs to be deployed; the remediation costs also play a factor.

Basic pen tests typically cost the same as educating an in-house team on how to use SaaS-based pen testing tools, which is usually several thousand dollars. Large-scale pen testing operations can cost tens of thousands of dollars.

What is PenTest certification?

PenTest certification is awarded to individuals that pass rigorous exams and attest to their ability to efficiently perform advanced ethical hacking tasks. Some of the most distinguished pentest certifications include CEH certification (Certified Ethical Hacker), Licensed Penetration Tester certification (LPT), Certified Penetration Tester (CPT), and Certified Expert Penetration Expert (CEPT).

Are You Interested in Pentests?

If you have any questions, please feel free to contact us. We are looking forward to your message.