PENETRATION TESTING SERVICES INDIVIDUALLY CUSTOMISED FOR SMES

We have structured our Penetration Testing services specifically for medium-sized businesses. Do you want to test your information security as well as IT security? Do you need an expert analysis for your SaaS solution? Or do you already have your audit for ISO 27001, TISAX®, or IATF on time? No worries, we are here to help you. 

Penetration testing services, also called Pentest, are one of the most popular topics in today’s information security world. It is a security testing procedure designed to detect security vulnerabilities in computer systems, networks and web applications.

These security tests are performed by “authorized” persons (so-called ethical hackers) to detect logic flaws and vulnerabilities in the specified information systems and to prevent the exploitation of these vulnerabilities by malicious persons. As a result, measures are proposed to increase the security level of the tested environments. The main purpose of a Penetration Test is to exploit the vulnerability in question and try to gain unauthorized access in a way that does not damage the system, not just to detect vulnerabilities.

Penetration Testing Services: Our Experience

With our Penetration Testing services, we help you understand the security level of your technical infrastructure, guide you through the process, and provide you with a comprehensive report. In addition, we provide you with the necessary precautions to address the vulnerabilities uncovered by our ethical hackers. 

Our team has over 7 years of experience in network and web application Pentesting. During this time, we have worked with various clients across the country. Our flexible, agile and customer-oriented approach helps us to deliver high-quality results.

Why do I need a Penetration Test?

Penetration Test is used to identify security vulnerabilities in your application, network, or system. This way, you can fix them before attackers exploit these issues. There is no definition of a 100% secure system, and the techniques attackers can use to exploit the system are limitless. The techniques available vary depending on the attackers’ experience with operating systems, software development skills, and information systems. In addition, it is always a good choice to have a third party review the security vulnerabilities in your information systems.

Below are some of the benefits realized from working with our Penetration Testing Services:

  • Increased information, as well as IT security
  • Pentest Report for your ISO 27001, TISAX®, or IATF Certifications
  • Avoidance and/or minimization of damage from cyber attacks
  • Increased awareness of your employees

If you need more detailed information about Penetration Testing, do not hesitate to contact us.

  • Our Pentester will work individually for your project to exploit the security vulnerabilities
  • No hidden or additional costs, individual all-inclusive prices for your Pentests
  • Fair price structure depending on company and network size
  • Orient our Pentests according to your requirements, not a one-size fits all approach
Want to learn more about our Penetration Testing Services?

Do you still have questions about our services? Then arrange an appointment with us. It is free of charge, of course, and without any obligation to you.

Penetration Testing Procedure

A typical Penetration Testing Procedure consists of the steps listed below:

    • Customer Meeting (collecting information and discussing the test conditions)
    • Kick-off (scanning of the test scope)
    • Setting up VPN access from a German server to your in-house installation so that all scan results can remain on your infrastructure
    • Vulnerability Scan (scanning of the networks provided by the customer)
    • Manual Exploitations (detection of false alarms, attempt to gain unauthorized access)
    • Scenario Execution (predefined scenarios with or without prior knowledge of systems)
    • Pentest Report (including vulnerabilities discovered and actions taken against them).
    • Final Meeting (presentation of the test report and proposals)
    • Subsequent Examination of whether the implemented measures were sufficient (if necessary) 
Penetration Testing Procedure

What are the costs for Penetration Testing Services?

Of course, the cost of Penetration Testing Services varies from company to company. However, we have summarized the available options with the corresponding price ranges. The cost of Penetration Testing is mostly influenced by two factors, which are explained in detail:

  • Size and complexity of your network and company: Of course, vulnerability scanning depends on the number of network components, servers, locations, etc.
  • Test Duration and Method: Black-box, White-box, or Gray-box? Perhaps we want to adopt the “time-boxed” approach. Your exact requirement defines the test duration, thereby the cost.

Overall, the budget requirement for the Penetration Test for a medium-sized company is between 4k-10k€. If you calculate the effort of a cyber-attack, the Penetration Test pays off if you can avoid only an average attack, which is the case in most cases.

Two ways we can help you

We are here for you to get your Pentest result with less cost and faster.
Do you have any questions about Penetration Testing?
Then, schedule a free call.

Are you ready to start your Penetration Testing? Then, book our vulnerability scan so you know your security gaps and can define the next steps.

International Norms and Standards

What are the different types of Penetration Testing?

Network Penetration Test

If the Penetration Test is about your network, it is called Network Penetration Test. Firewalls, servers, WLANS, VLANS and VPN accesses are tested against security gaps and vulnerabilities.

An assessment of the network infrastructure on-premises and in the cloud, such as virtual system hosts, routers, and switches. A Pentest can be conducted either as an internal Penetration Test, which focuses on resources within the corporate network or as an external Penetration Test, which also targets the corporate network infrastructure that is accessible via the Internet. To plan a test, you need to know the number of internal and external IPs to be tested and the size of the subnet.

Web Application Penetration Test

A comprehensive assessment of websites and custom applications deployed specifically over the Internet, uncovering coding and development errors that could be maliciously exploited. Before embarking on a web Pentest, it is essential to clarify how many applications need to be tested, including the number of static pages, dynamic pages, and input fields to be checked.

Mobile Application Testing

Authentication, authorization, data leakage and session processing. To perform a Pentest, testers need to know both operating system types and versions. In addition, testers can use an app under test, the number of API calls, and the requirements for jailbreaking.

 

0 billion €

total damage in Germany 2021

0 million

Messages to German Network Operators

0

BOT-Infections of German Systems per day

0

new malware variants per day

Social Engineering/Phishing and Pentests

Social Engineering is one of the many ways in which hackers can gain access to your environment. Although companies invest lots of money in security hardware and software, employees are the weakest link in the chain. Hackers also have lots of time, so they research employees’ social media accounts and try to create an email to persuade them to click the given link in the email or download the attachment. Of course, the link or file is malicious, and it could allow the hacker to penetrate your systems.

Sending emails with malicious links, files, and software is commonly known as Phishing. Please note that there is no malicious link here; just information is requested. On the other hand, social engineering attacks are personalized, and hackers need plenty of time.

Want to learn more about Penetration Testing?

Then check out our blog post: Penetration Testing: All You Need to Know, in which we explain Penetration Testing Services in detail. Also, you can look at our FAQ below. Do you still have questions? Then please schedule a meeting with us.

 
FAQ

To create a secure access, we need a VPN access, a VM available to reach all subnets, and an AD user for identity and access management checks.

It depends on your network size and requirements. A Pentest can take between one week and three weeks.

It depends, of course, on the complexity of the project. As a result, the cost is between 4-10T€. If you need detailed information about penetration testing costs, ask for an offer directly.

We use the combination of open source Kali Linux and licensed Tenable Nessus to perform our Penetration Testing.

No, you will not pay any license fees. Our tooling is included on your offer.

Depending on your requirements and audit objective, we offer the option of conducting a follow-up audit.

 TISAX® ist eine eingetragene Marke der ENX Association. Die 360 Digitale Transformation steht in keiner geschäftlichen Beziehung zur ENX. Mit der Nennung der Marke TISAX® ist keine Aussage des Markeninhabers zur Geeignetheit der hier beworbenen Leistungen verbunden. TISAX® Assessments, zur Erlangung von Labels, werden nur von den auf der Homepage der ENX genannten Prüfdienstleistern durchgeführt.