Penetration test
Detect security vulnerabilities in time and protect valuable data. Organizations need to find unknown security holes in devices, networks, IT systems, applications and mobile devices to protect them from hackers
The advancing digitalization is noticeable in every industry and in every company size. Whether in the chemical and pharmaceutical industry, automotive industry, finance and insurance industry or in small and medium-sized enterprises (SMEs), the changes are the same: processes are digitized and systems are interconnected, critical business applications are increasingly web and/or mobile-based and more and more applications and data are being moved to the cloud.
This opens up new attack options for cybercriminals. This development is also confirmed by the results of our Cybersecurity Trends 2020. The trends show that smart supply chains, vehicles and access to personal data are popular targets for cyberattacks. Data has become a new and highly valuable asset that needs to be protected.
The digital transformation requires new thinking on the part of corporate management and IT managers in terms of cybersecurity and data protection measure since cyberattacks represent a challenge in everyday business that should not be underestimated.
Therefore, identify potential vulnerabilities in your IT infrastructure by means of a penetration test, check the effectiveness of existing protective measures and find out where systems do not meet the security requirements.
Get an objective assessment of your IT security and discover your vulnerabilities before hackers find them.
Detect security vulnerabilities thanks to pentests
With the help of penetration testing, or pentesting, we check your existing IT infrastructure (networks and IT systems) and web applications (e.g. online shops, customer portals, online banking) and mobile applications for potential vulnerabilities that could provide criminals with a target for cyberattacks. In order to uncover vulnerabilities and security gaps and to optimally assess potential risks, our IT experts proceed as follows:
- Preliminary discussion and needs analysis:
Recording of the status quo to determine the goal and scope of the penetration test, according to your situation and risk profile. - Information gathering:
Gathering all information relevant to the attack and viewing the company from an attacker's perspective. - Identification of vulnerabilities:
Detection of potential vulnerabilities through targeted automatic and manual tests. In doing so, we apply similar methods that criminal hackers also use. - Exploitation of security vulnerabilities:
Detection of vulnerabilities by our testers deliberately exploiting security vulnerabilities and attempting to access protected company data, such as customer data. - Reporting
Summary of the penetration test results and all vulnerabilities found as well as recommendations for action to remedy them.
In the financial sector as well as in the automotive industry, penetration tests are already part of regulatory requirements. It is to be expected that other industries will follow because, regardless of the industry sector and the size of the company, sensitive data must be protected. We therefore recommend that you regularly check the security of your IT assets.
Different variants of a penetration test
Various methods can be used to identify vulnerabilities. Which option is the right one for your company depends on your existing IT infrastructure In a personal conversation, we determine your needs and analyze the existing systems to find the right penetration test method for you. Take a look at our pentesting portfolio.
The external penetration test symbolizes the "classic" cyber attack from the outside. Here, our IT security expert attempts to penetrate the company's internal network via the systems accessible from the Internet. The focus of the investigation is on the firewall and systems of the Demilitarized Zone (DMZ - a network that acts as a buffer zone and is monitored by the firewall, such as web or mail servers) in order to subsequently uncover the possibilities of data access or theft. Our experts also try - if allowed - to penetrate the internal network from the DMZ.
In an internal penetration test, the starting point is within the corporate network, i.e. the attacker has already gained access to the internal network. This simulates the case where an attacker is already on an employee's device. Thus, the goal of the internal pentest is to determine what damage can occur if corporate access is criminally misused. An attack from within the company can often cause more damage in less time than an external attack, as some protection systems have already been bypassed or overcome.
In this method, our experts simulate a cyber attack using the tactics, techniques, and procedures of real attackers. We determine the focus and objectives of the Red Team campaign together with you in advance. If required, we work with you to identify the most critical attack vectors - in relation to your cyber resilience - before moving on to an attack simulation.
Compared to a penetration test, the goal of a Red Team campaign is not to uncover as many vulnerabilities as possible, but to achieve the defined campaign objective with a targeted exploitation of relevant vulnerabilities. The results provide you with information about the resilience of your company or division with regard to cyber attacks. In addition, the results help your own experts to optimize internal monitoring systems and processes within the company in order to detect attacks earlier. This minimizes the risk of major damage to your company.
Further information about the Adversary Simulation can be found here in our information flyer.
During the IoT penetration test, our experts check your IoT ecosystem from a hacker's perspective and detect vulnerabilities and security issues. For comprehensive protection, we test the entire IoT ecosystem – all connected services and applications. If required, we can also examine individual components and support you with the following individual services:
- Security analysis of the IoT devices
- Security analysis of mobile applications
- Security analysis of the backend
- Security assessment of the backend
Read detailed information about IoT penetration testing in our related flyer. Learn more .
The web application testing is a penetration test based on the Open Web Application Security Project (OWASP) Testing Guide. The identification of the OWASP Top 10 vulnerabilities are the focus of the investigation. However, our experts also look for less common application-specific vulnerabilities in order to achieve the best possible level of protection for your web application. Afterwards, we summarize the results of the analysis as well as recommendations for remedying the vulnerabilities in a report.
You can find more information in our flyer Security for your web application .
The hack box enables our experts to perform penetration tests remotely. The remote solution is particularly advantageous when the presence of our colleagues is challenging for various reasons (for example home office workplaces, or large geographical distances). The hack box is a specially configured and protected computer that is delivered by mail. The installation of the hack box into the internal network is designed for simplicity and does not require any special prior knowledge, which makes the collaboration between us and the users easy.
You can find out all the details about the process and handling of the hack box here.
Trust our expertise in the field of penetration testing
Our penetration testing services are applicable to many areas of IT infrastructure. These include applications, networks and infrastructures, embedded systems, online stores, the intranet, IoT devices, and self-programmed software. Because we take a holistic view of IT security in your organization, we also offer testing that focuses on organizational, process, and human vulnerabilities rather than just technology. Tests with a focus that is not exclusively technical include phishing attacks, Red Team campaigns or technical security assessments.
The IT security of your company is what we care about. Therefore, with our cybersecurity testing services, we identify any kind of vulnerabilities and security vulnerabilities before others exploit them. In this way, we provide you with an objective overview of your deficiencies and subsequently support you with the appropriate recommendations for remediation. When it comes to cybersecurity audits, you can rely on our specialist and industry expertise, because testing is in our auditors' blood. We replace insecurity with security and help you protect your assets and the trust of your customers. TÜV Rheinland - tested with certainty.
FAQ - Learn more about penetration testing
Would you like to learn more about penetration testing? Our experts have answered the most important questions for you.
Display all
Hide all
Contact
/tuv-rheinland-business-continuity-management-bcm_core_4_3.jpg)
