Penetration Tests

Detect security vulnerabilities in time and protect valuable data.

The advancing digitalization is noticeable in every industry and in every company size. Whether in the chemical and pharmaceutical industry, automotive industry, finance and insurance industry or in small and medium-sized enterprises (SMEs), the changes are the same: processes are digitized and systems are interconnected, critical business applications are increasingly web and/or mobile-based and more and more applications and data are being moved to the cloud.

This opens up new attack options for cybercriminals.This development is also confirmed by the results of our Cybersecurity Trends 2024 , which show that cyberattacks are increasingly threatening the existence of companies and that attacks are becoming more and more professional. The growing importance of cyber resilience is also reflected in the constantly increasing regulation in this area, some of which even require penetration tests to be carried out.

The digital transformation requires new thinking on the part of corporate management and IT managers in terms of cybersecurity and data protection measure since cyberattacks represent a challenge in everyday business that should not be underestimated.

Penetration Tests by TÜV Rheinland – Your benefits

✔ Identify vulnerabilities early – We detect security gaps before attackers can exploit them.

✔ Ensure compliance – Meet all relevant security standards and strengthen the trust of your customers and partners.

✔ Certified experts – Our testers are highly qualified and hold recognized certifications such as OSCP.

✔ State-of-the-art attack scenarios – Our experts stay up to date with the latest threats through continuous training.

✔ Technical specialization – Each tester focuses on a specific area to ensure maximum expertise.

✔ Efficient project management – Clear processes, structured reports, and professional management ensure smooth testing.

✔ Realistic attack simulation– Our Red Team campaigns demonstrate your organisation's resilience to modern, targeted cyber attacks and provide practical suggestions for improving your detection and response capabilities.

✔ TÜV Rheinland stands for quality and expertise – As an experienced and independent testing body, we offer penetration tests that meet the highest standards.

Therefore, identify potential vulnerabilities in your IT infrastructure by means of a penetration test, check the effectiveness of existing protective measures and find out where systems do not meet the security requirements.

Get an objective assessment of your IT security and discover your vulnerabilities before hackers find them.

Facts about the penetration test | TÜV Rheinland

Different variants of a penetration test

Various methods can be used to identify vulnerabilities. Which option is the right one for your company depends on your existing IT infrastructure In a personal conversation, we determine your needs and analyze the existing systems to find the right penetration test method for you. Take a look at our pentesting portfolio.

Penetration Testing for Large Language Models (LLMs)

External penetration test

Internal penetration test

Adversary Simulation (Red Team Campaign)

Testing of embedded systems, medical devices & automotive components

Source Code Analysis

Web Application Testing

Remote penetration test (hack box)

Companies are increasingly deploying Large Language Models (LLMs) in chatbots, assistant systems, or automated decision-making processes. However, these powerful AI models pose significant security risks – ranging from uncontrolled data leaks to manipulation through targeted attacks. With our specialized LLM penetration testing, we identify vulnerabilities and help you secure your AI models reliably.

What vulnerabilities do we test for?

Our tests are based on the OWASP LLM Top 10 and cover, among others, the following risks:

Prompt Injection: Manipulating input prompts to alter the model’s behavior or extract confidential information.
Data Leaks: Unintentional disclosure of sensitive data from the training process or during use.
Model Theft: Unauthorized access to the model to replicate it or use it for malicious purposes.
Training Data Poisoning: Insertion of manipulated training data to influence model outputs.
Misuse and Security Gaps: Exploiting LLMs for disinformation, spam, or social engineering, as well as insecure API usage.

The external penetration test symbolizes the "classic" cyber attack from the outside. Here, our IT security expert attempts to penetrate the company's internal network via the systems accessible from the Internet. The focus of the investigation is on the firewall and systems of the Demilitarized Zone (DMZ - a network that acts as a buffer zone and is monitored by the firewall, such as web or mail servers) in order to subsequently uncover the possibilities of data access or theft. Our experts also try - if allowed - to penetrate the internal network from the DMZ.

In an internal penetration test, the starting point is within the corporate network, i.e. the attacker has already gained access to the internal network. This simulates the case where an attacker is already on an employee's device. Thus, the goal of the internal pentest is to determine what damage can occur if corporate access is criminally misused. An attack from within the company can often cause more damage in less time than an external attack, as some protection systems have already been bypassed or overcome.

In this method, our experts simulate a cyber attack using the tactics, techniques, and procedures of real attackers. We determine the focus and objectives of the Red Team campaign together with you in advance. If required, we work with you to identify the most critical attack vectors - in relation to your cyber resilience - before moving on to an attack simulation.

Compared to a penetration test, the goal of a Red Team campaign is not to uncover as many vulnerabilities as possible, but to achieve the defined campaign objective with a targeted exploitation of relevant vulnerabilities. The results provide you with information about the resilience of your company or division with regard to cyber attacks. In addition, the results help your own experts to optimize internal monitoring systems and processes within the company in order to detect attacks earlier. This minimizes the risk of major damage to your company.

Further information about the Adversary Simulation can be found here in our information flyer.

During the IoT penetration test, our experts check your IoT ecosystem from a hacker's perspective and detect vulnerabilities and security issues. For comprehensive protection, we test the entire IoT ecosystem – all connected services and applications. If required, we can also examine individual components and support you with the following individual services:

Security analysis of the IoT devices
Security analysis of a medical device
Security analysis of automotive components
Security analysis of mobile applications
Security analysis of the backend
Security assessment of the backend

Read detailed information about IoT penetration testing in our related flyer. Learn more.

Software can conclude programming errors, security gaps or functions, which can be abused for cyberattacks. The source code audit analysis is capable of detecting those potential safety risking weak points in the functionality and structure of the application.

Already during the development phase we highly recommend our audit as quality assurance measure.

For this purpose, our specialists need access to the entire source code or selected modules, which are analyzed by us from a development perspective using automated tools and manual means.

You receive a detailed report, documenting weak points and identifying suitable measures for targeted remediation.

Request a quote now.

The web application testing is a penetration test based on the Open Web Application Security Project (OWASP) Testing Guide. The identification of the OWASP Top 10 vulnerabilities are the focus of the investigation. However, our experts also look for less common application-specific vulnerabilities in order to achieve the best possible level of protection for your web application. Afterwards, we summarize the results of the analysis as well as recommendations for remedying the vulnerabilities in a report.

You can find more information in our flyer Security for your web application.

The hack box enables our experts to perform penetration tests remotely. The remote solution is particularly advantageous when the presence of our colleagues is challenging for various reasons (for example home office workplaces, or large geographical distances). The hack box is a specially configured and protected computer that is delivered by mail. The installation of the hack box into the internal network is designed for simplicity and does not require any special prior knowledge, which makes the collaboration between us and the users easy.

You can find out all the details about the process and handling of the hack box here.

Red Team Campaign (Adversary Simulation)

In this campaign, our experts will simulate a targeted cyber-attack on your company, using the same tactics, techniques and procedures as real attackers. Unlike traditional penetration tests, the focus is not on identifying vulnerabilities across the board, but on successfully exploiting critical attack vectors to achieve defined campaign goals.

The aim is to realistically test your organisation's cyber resilience, identify specific weaknesses in your processes, technology and response, and provide valuable insights to improve your IT security. We define the focus, objectives and attack vectors in close consultation with you in advance, e.g. gaining access to sensitive data, circumventing security mechanisms or intruding into systems undetected.

The results show how resilient your company is against modern attacks and provide targeted recommendations for optimising your monitoring, detection and response processes. Red team campaigns therefore help to identify risks at an early stage and prevent damage effectively. You will find details of our services that can be used as part of a red team campaign below, or booked independently.

Red Team Campaign

Threat-Led Penetration Testing (TLPT)

Physical Security Analysis

Phishing Awareness Campaign

As part of a Red Team Campaign, we typically assist companies in identifying critical attack vectors based on their specific threat landscape. First, we work with you to define the campaign's goals, scope and rules. Our red team then carries out simulations of advanced attacks, such as those carried out by cybercriminals, without alerting the IT security department in advance. This reveals vulnerabilities in monitoring systems and detection mechanisms. Our detailed final report highlights the attack vectors used and provides specific recommendations for optimizing your security measures and staying one step ahead of cybercriminals.

Threat-Led Penetration Testing (TLPT) is a structured form of attack simulation and a development of traditional red team methods in IT and information security. Since the EU-wide Digital Operational Resilience Act (DORA) came into force, TLPT has become mandatory for many financial institutions.

Our experts will guide you through every phase of the TLPT process, from planning and defining objectives (scoping), to realistic implementation and evaluation, and finally deriving concrete measures to strengthen your cyber resilience.

We simulate targeted intrusion attempts to test the effectiveness of your physical security measures. Our aim is to access security-critical areas such as offices, server rooms and archives, or even infiltrate the internal network, without being noticed — just as real attackers would try to do.

In advance, our experts gather specific information from publicly available sources (OSINT), through on-site observations or telephone research. Based on this information, we analyze potential vulnerabilities in buildings, access controls, and organizational processes. Working together with an internal contact person, we coordinate the procedure and develop realistic access scenarios, which are then tested in practice.

The outcome is that you receive a comprehensive evaluation of whether your access regulations, security processes, and employee behavior can withstand a realistic attack. At the same time, we raise awareness of potential risks among your teams and provide concrete recommendations for optimizing your physical security measures.

Targeted phishing campaigns are an effective way of raising your employees' security awareness. Our simulated attacks use realistic scenarios tailored to your company, based on current attack methods and your internal structure. We test your employees' behaviour using specially prepared phishing emails, fake websites and scenario-based/customised malware simulations, and redirect them to TÜV training pages if they click on a link.

We work with your internal contacts to develop realistic attack scenarios, present them, and carry out the campaign flexibly over several days or weeks. Our aim is to identify specific gaps in the actions of individual employees or entire departments, providing decision-makers with a sound basis for further measures.

The result is a detailed report containing clear figures and graphics, as well as a thorough evaluation of user behaviour. This enables targeted and effective training measures to be designed.

Detect security vulnerabilities thanks to pentests

General procedure of a penetration test | TÜV Rheinland

With the help of penetration testing, or pentesting, we check your existing IT infrastructure (networks and IT systems) and web applications (e.g. online shops, customer portals, online banking) and mobile applications for potential vulnerabilities that could provide criminals with a target for cyberattacks. In order to uncover vulnerabilities and security gaps and to optimally assess potential risks, our IT experts proceed as follows:

Preliminary discussion and needs analysis:
Recording of the status quo to determine the goal and scope of the penetration test, according to your situation and risk profile.
Information gathering:
Gathering all information relevant to the attack and viewing the company from an attacker's perspective.
Identification of vulnerabilities:
Detection of potential vulnerabilities through targeted automatic and manual tests. In doing so, we apply similar methods that criminal hackers also use.
Exploitation of security vulnerabilities:
Detection of vulnerabilities by our testers deliberately exploiting security vulnerabilities and attempting to access protected company data, such as customer data.
Reporting
Summary of the penetration test results and all vulnerabilities found as well as recommendations for action to remedy them.

In the financial sector as well as in the automotive industry, penetration tests are already part of regulatory requirements. It is to be expected that other industries will follow because, regardless of the industry sector and the size of the company, sensitive data must be protected. We therefore recommend that you regularly check the security of your IT assets.

Request penetration test without obligation

Trust our expertise in the field of penetration testing

Our penetration testing services are applicable to many areas of IT infrastructure. These include applications, networks and infrastructures, embedded systems, online stores, the intranet, IoT devices, and self-programmed software. Because we take a holistic view of IT security in your organization, we also offer testing that focuses on organizational, process, and human vulnerabilities rather than just technology. Tests with a focus that is not exclusively technical include phishing attacks, Red Team campaigns or technical security assessments.

The IT security of your company is what we care about. Therefore, with our cybersecurity testing services, we identify any kind of vulnerabilities and security vulnerabilities before others exploit them. In this way, we provide you with an objective overview of your deficiencies and subsequently support you with the appropriate recommendations for remediation. When it comes to cybersecurity audits, you can rely on our specialist and industry expertise, because testing is in our auditors' blood. We replace insecurity with security and help you protect your assets and the trust of your customers. TÜV Rheinland - tested with certainty.

FAQ - Learn more about penetration testing

Would you like to learn more about penetration testing? Our experts have answered the most important questions for you.

General questions & answers
Penetration Testing for Industrial Companies

Show all Hide all

What testing methods are used in a penetration test?

Our methods for a penetration test are tailored to the maturity level of your IT security.

For companies with a low level of IT security maturity, our recommendation is to perform a vulnerability assessment, which will automatically reveal most of the known and automatically exploitable vulnerabilities in your systems.

If your company has an average IT security maturity level, our recommendation is to perform a penetration test on your systems. The penetration test uses manual and automated tests to identify and exploit vulnerabilities and security vulnerabilities. This gives our IT security experts a deeper insight into the vulnerability of your systems and networks.

If the maturity level of your IT security is appropriately high due to high-quality security systems and processes, our IT security experts conduct an Adversary Simulation (Red Team Campaign), which simulates a real targeted attack on your company. The results provide you with insights into your company's resilience against a cyber attack and provide answers to the following questions, among others:

Is my company capable of detecting a targeted attack?
Is my company able to respond appropriately to a cyber attack?
Is an attacker able to steal my important assets undetected?

Irrespective of the test methods mentioned, we recommend that a security assessment be carried out by our IT security experts. A security assessment uses structured interviews to identify vulnerabilities and security issues that cannot usually be uncovered using the classic methods of a penetration test.

What is tested during a penetration test?

A penetration test can be applied flexibly. The entire company network (internal and external) can be part of the test, but also only partial areas such as your online shop. Furthermore, (I)IoT devices, embedded systems and/or control units in automobiles can also be the focus of a penetration test.

We help you choose the right approach for your purpose. Contact us for an individual needs analysis.

Are web applications tested according to OWASP?

For a penetration test for a web application, e.g. your online shop, we proceed according to the OWASP (Open Web Application Security Project) Testing Guide and thus also cover the OWASP Top 10. The OWASP Top 10 provides information about the most frequently identified vulnerabilities in web applications.

Are CVSSv3 scores used?

While we generally use our own simplified Risk Rating, on request we can use the Common Vulnerability Scoring System (CVSS), which derives a criticality measure from the essential properties of a vulnerability. Of course, we can also provide the so-called CVSS vector in addition to the CVSSv3 score.

As a small/medium or large business, do I need protection from cyber-attacks and network attacks?

Yes, every company offers a worthwhile target for attackers. Particularly in the case of small and medium-sized businesses, hackers assume that there are fewer security and protection measures in place and therefore prefer to attack them.

Is a one-time penetration test sufficient?

A penetration test is always a snapshot. Both the attacks and the tested infrastructure or application evolve, so that the results of a test become less meaningful over time. Therefore, such tests should be performed regularly. It is not always necessary to test all aspects equally, but you can focus on the changes during a regular test. As a rule, however, a complete retest should be carried out after two years at the latest.

What are the benefits of penetration testing for my company?

More and more business processes are being digitized and systems interconnected. This digitalization creates opportunities for hackers to infiltrate your systems. A penetration test helps you identify potential entry points for attackers and close discovered vulnerabilities through appropriate measures. Penetration testing enables you to detect security gaps in your IT infrastructure before hackers do. This protects not only your assets but also your reputation and customer trust in your brand.

For which applications can penetration tests be carried out?

Penetration tests can be conducted on almost all digital systems. Our experts carry out a wide range of tests, e.g., on B2B portals, cloud applications, and embedded systems such as control units. The methodology and scope strongly depend on the company's cybersecurity maturity level. Internal and external penetration testing is often a good starting point for gaining insight into your systems' vulnerabilities.

Are there any preparations or prerequisites needed before performing a penetration test?

No elaborate planning is required. Only personnel resource planning is necessary so we can discuss your individual needs in advance. During the test, a point of contact should be available for questions.

The basic requirement is that our experts have access to the corporate network and the systems to be tested. Whether additional information or access is needed depends on the test type.

In a black box test, our experts only receive network-level access to the systems. In a white box test, full system access is required, along with detailed knowledge of components and their interactions. A good compromise is the gray box test, where non-administrative access is typically provided.

How is data protection ensured during testing?

We take data protection seriously and handle your data responsibly. If systems or databases containing personal data are tested, we recommend contractually regulating the handling of such data.

During the test, we may come into contact with personal data, e.g., if a vulnerability grants access to a database containing such information. Therefore, data protection is a fixed component of our penetration testing contracts.

Does the penetration test reliably find all vulnerabilities?

A penetration test cannot uncover every possible vulnerability. As with any test: the deeper and broader the test coverage, the higher the likelihood of discovering vulnerabilities. For comprehensive IT security, a holistic cybersecurity concept is essential. Penetration testing is a vital part of achieving this.

What happens if a vulnerability is found?

If we find critical vulnerabilities, we will contact you during the test. You will receive an initial technical assessment and recommendations for remediation. Implementing these measures is your responsibility.

Less critical issues are summarized in a report. After the test, we provide a report with recommended actions to address the identified vulnerabilities.

What follow-up costs could arise?

Fixing identified vulnerabilities is recommended. Costs vary depending on severity and required measures. Some fixes are minor, like changing a code value from 0 to 1. Others may require process changes, which are more time-consuming and costly. These decisions and implementations are not part of the test itself but we offer advisory support.

What are the risks of undetected vulnerabilities?

The consequences can be severe and vary greatly—from a single system failure to full production outages lasting several days. A search for "WannaCry" and "production outage" shows real-world examples. Each company must assess what data loss, manipulation, or system downtime could mean for them. Undiscovered vulnerabilities can lead to worst-case scenarios.

Is a certificate or seal issued after the test for communication or marketing?

A penetration test aims to uncover vulnerabilities—it is not a certification or proof of security. A report showing no issues does not imply the system is fully secure.

Why perform a penetration test if our IT department already handles security?

Penetration testing is a specialized skill requiring deep technical knowledge and training. Our staff is highly trained and focused solely on penetration testing.

Mixed-role approaches (e.g., internal staff doing pentests on the side) often yield unreliable results. That’s why we recommend using dedicated experts—like those at TÜV Rheinland.

Some companies have their own pentest teams, and we support them too. As external experts, we provide a neutral view and can often identify different vulnerabilities than internal testers who know the system too well.

Does a positive test result diminish the work of our IT department?

Vulnerabilities arise for many reasons and do not reflect poorly on IT performance. Even leading IT companies regularly find issues. What truly reflects IT quality is how test results are handled and addressed.

pdf	IoT with Security	168 KB	Download
pdf	Red Team Engagements	209 KB	Download
pdf	Penetrationtest	581 KB	Download

Local Privilege Escalation Vulnerability in Akamai Guardicore Platform Agent

discover more

Our Cybersecurity Trends

discover more

Our Sustainability Initiatives

Nothing less than the future is at stake. Companies, institutions, public authorities and each and every one of us can play a positive role in shaping the path to tomorrow. We provide you with comprehensive support to ensure that you operate safely, sustainably and efficiently for many years to come.