current language
World Site available in the following languages:
or select your TÜV Rheinland country website:

Penetration Tests and IT Security Analysis

Penetration Tests and IT Security Analysis

Security Advisory – NotPetya – June 27, 2017

pdf TÜV Rheinland Security Advisory NotPetya 226 KB Download

Detect Vulnerabilities - Protect Against Industrial Espionage

By exploiting vulnerabilities in computer networks, IT systems, applications or mobile devices, criminal hackers can penetrate organizations and manipulate or steal sensitive business and customer data. No company is too small or insignificant for an attack, and many companies have already been compromised. Do you know the vulnerabilities of your systems and applications that can be exploited by an attacker?

Anticipate hackers - with a simulated and targeted cyber-attack
We analyze your IT infrastructure through a hacker’s point of view. Our experts simulate a realistic cyber-attack and detect vulnerabilities in your infrastructure before attackers can exploit them. We will inform you if and how vulnerable your IT infrastructure is and what consequences this may have for your business. In addition, we recommend remediation steps to enable you to better protect your organization including your customer data and your intellectual property.

Your Benefits at a Glance

With a penetration test or an IT security analysis by TÜV Rheinland, you receive:

  • A qualified overview of the specific vulnerabilities in your computer network, IT systems, applications or mobile devices
  • Recommendations for effective countermeasures to correct the identified vulnerabilities efficiently and permanently.
  • Experts with cross-industry experience and professional competence in various technical areas.
  • A competent partner for the protection of your organization according to national and international standards and best practices in IT security
  • A reliable and objective assessment of the effectiveness of your IT security measures.
  • Support to reduce the liability risk for directors or managers.
  • A comprehensive assessment of the risk of a successful cyber-attack on your infrastructure.
  • Support with the implementation of effective security measures.

Our experts welcome your questions and are available for further information about our penetration tests and IT security analysis. Contact us!

The Penetration Test and IT Security Analysis Process - More Information Security in Just a Few Steps

1. Gathering information
Together with you, we plan the analysis and define the type, method and scope.

2. Identification of security gaps
During the analysis phase, we identify potential weaknesses in your computer networks, IT systems, mobile devices and applications.

3. Exploiting vulnerabilities
In coordination with you, we try to access your computer networks, IT systems, mobile devices and applications either as an external attacker over the Internet or as an internal attacker via your intranet.

4. Reporting
We document and classify the identified security gaps in a TÜV Rheinland test report, detailed for the IT department and understandable for management. Thereby, we illustrate what damage an attacker can cause in your company. Moreover, we develop appropriate corrective measures together with you. Upon request, we will explain the report and present the results to your management in a workshop.

5. Corrective measures
In order to permanently close the identified vulnerabilities, we recommend suitable corrective measures or discuss with you the existing, planned next steps. If required, we also support your experts to further increase the IT security within your organization with the implementation of concrete measures.

Our IT Security Analysis and Penetration Tests at a Glance

External and internal IT security analysis and penetration tests

We perform external and internal IT security analysis and penetration tests in all relevant areas of IT within an organization.

Please find below our modules and testing scopes:


  • Customer systems, mail and VPN servers accessible via the internet
  • Simulated theft of internal or customer-specific data
  • Simulated hostile takeover of systems and access to internal systems

Internet-based applications

Unauthorized data access and manipulation

  • Stealing user or session information
  • Privilege escalation
  • Misusing the application to attack internal IT systems

Mobile Applications

  • Analysis of applications for vulnerabilities, e.g., on iOS, Android, and Windows mobile.


  • Analysis of wireless networks (WLAN) including the testing of unauthenticated access
  • Employee and guest VLANs
  • Access via the guest LAN & WLAN
  • Hacking the internal office network via WLAN and the guest WLAN

Central Components

  • In-depth analysis of central components, e.g., mainframes or SAP systems.

Web Applications

Web applications, e.g., web shops or customer portals, accessible via the Internet or intranet

  • Access to / modification of customer data
  • Unauthorized modifications to the website
  • Extending access towards internal systems

Rich/Fat Clients and Other Applications

  • perational-critical applications with a high security demand
  • Authentication bypass
  • Unauthorized access to sensitive data
  • Manipulation of application data

Our Experience in Pentests and IT Security Analysis

In the area of cyber-security, more than 270 experts work at TÜV Rheinland worldwide – of those, 20 security analysts in Germany perform more than 250 penetration testing and security analyses annually – and that number is increasing. We are proficient in the development and implementation of current attack scenarios against IT systems, computer networks and web applications through to mobile applications and wireless networks.

In addition, we have extensive expertise in:

  • SAP environments
  • Mainframes
  • Production and process control technology

We have performed penetration tests and security analyses in a wide range of industries, from auto manufacturers to retail to financial services. Our clients include small businesses with 50 employees, as well as large companies with 250,000 employees.

For more information about the work of our security analysts, see this video (in German only).

Related Topics

TÜV Rheinland IoT Privacy

IoT and smart homes: Protection of privacy in smart homes

Read more


Get in contact with us!

Get in contact with us!