PENETRATION TEST

An Internet Security Scan or Internet Penetration Test (PenTest for short) should be carried out regularly in order to identify and eliminate vulnerabilities and potential risks in a timely manner and thus minimize the risk of a successful hacker attack.

1. Kinds of Pen Tests

PenTest from the Internet & for external services

Protection against external attacks

The Internet connection and externally available services are examined for security vulnerabilities and points of attack.

PenTest of the internal infrastructure

Protection from the internal attacker

During the infrastructure penetration test, experienced auditors check the network and server infrastructure for exploitable vulnerabilities.

PenTest for web applications

Protection for web services and portals

Attackers often target the content of websites, stores and portals. Pen testers check these important services automatically and manually.

PenTest for WLAN/Wireless Networks

Wireless access protection

After intensive testing, the WLAN PenTest gives you a report on the security configuration of your WLAN access and the dangers that can be derived from it.


YOUR ADVANTAGES

  • Detect vulnerabilities in your IT before problems occur.
  • Optimal combination of automated tests and manual penetration tests by our IT security specialists.
  • The final report includes a management report and detailed descriptions of the identified vulnerabilities as well as appropriate recommendations for action.
  • Your employees can accompany the audit activities and thus receive additional training.
  • Your competence team from Austria: On-site initial discussion and planning, local implementation, on-site final presentation — Available in Vienna, Sankt Pölten, Eisenstadt, Linz, Graz, Salzburg, Carinthia, Innsbruck, Bregenz, among other cities.

2. The Method

BSI standardized PenTest — All PenTests are carried out on the basis of the implementation concept for penetration tests of the German Federal Office for Information Security (BSI). This ensures a structured and methodical procedure with comprehensible results.

Phase 1, the preparation: definition of the IP address ranges or Internet domains to be tested and the organizational framework conditions as well as the choice of the testing approach (white or black box).

Phase 2, information gathering: obtaining all publicly available information about the infrastructure to be audited.

Phase 3, the information assessment and risk analysis: analysis and assessment of the identified vulnerabilities and risks. Identification of systems and applications where potential points of attack have been identified.

Phase 4, active intrusion attempts: Based on the technical report from Phase 3, targeted attempts are made to exploit the potential vulnerabilities to gain unauthorized access to data or systems.

Phase 5, the final analysis: During the final analysis, the results of the audit execution are evaluated in terms of potential risks (low, medium, high) and specific recommendations are developed to mitigate them.

A black box test means that no information beyond the IP addresses or domains to be checked is made available. This corresponds to the starting position of external attackers such as hackers, who research a lot of information about the attack target in the first step of the attack. This method is mostly used when IT areas are tested without the knowledge of the operating departments. In contrast to the white box test, the black box test can be used to check whether and when an attack is detected by the operator itself.

In a white box test, relevant information about the infrastructure is made available before the test begins and there is ongoing coordination with the client. This increases the efficiency of the resources used and the level of detail of the results, but the knowledge of whether and when an attack is detected by IT operations is lost.

3. The Level of Examination

4. SEC4YOU — We are happy to support you!

mobile and mail contact

Send us a mail or give us a call:

SEC4YOU Advanced IT-Audit Services GmbH (HQ)
contact: Andreas Schuster
In der Fischerzeile 13/10
A-2100 Korneuburg bei Wien
Österreich
Tel:  +43 1 2531 797–0
mail: office@sec4you.com

Branch Office Tyrol
contact: Manfred Scholz
Kreuzfeldstrasse 14B/6
A-6275 Stumm in Tirol
Österreich
mail: office-tirol@sec4you.com
