PENETRATION TESTING SERVICES INDIVIDUALLY CUSTOMISED FOR SMES

We have structured our Penetration Testing services specifically for medium-sized businesses. Do you want to test your information security as well as IT security? Do you need an expert analysis for your SaaS solution? Or do you already have your ISO 27001, TISAX® or IATF audit on time? No worries, we are here to help you. 

Penetration Testing Services: Our Experience

With our Penetration Testing services, we help you understand the security level of your technical infrastructure, guide you through the process, and provide you with a comprehensive report. In addition, we provide you with the necessary precautions to address the vulnerabilities uncovered by our ethical hackers. 

Our team has over 7 years of experience in network and web application Pentesting. During this time, we have worked with various clients across the country. Our flexible, agile and customer-oriented approach helps us to deliver high-quality results.

Our Advantages at a Glance

  • Our Pentester will work individually for your project to exploit the security vulnerabilities
  • No hidden or additional costs, individual all-inclusive prices for your Pentests
  • Fair price structure depending on company and network size
  • Orient our Pentests according to your requirements, not a one-size fits all approach

What are Penetration Testing Services?

Penetration testing services, also called Pentest, are one of the most popular topics in today’s information security world. It is a security testing procedure designed to detect security vulnerabilities in computer systems, networks and web applications.

These security tests are performed by “authorized” persons (so-called ethical hackers) to detect logic flaws and vulnerabilities in the specified information systems and to prevent the exploitation of these vulnerabilities by malicious persons. As a result, measures are proposed to increase the security level of the tested environments. The main purpose of a Penetration Test is to exploit the vulnerability in question and try to gain unauthorized access in a way that does not damage the system, not just to detect vulnerabilities.

Why do I need a Penetration Test?

Penetration Test is used to identify security vulnerabilities in your application, network, or system. This way, you can fix them before attackers exploit these issues. There is no definition of a 100% secure system, and the techniques attackers can use to exploit the system are limitless. The techniques available vary depending on the attackers’ experience with operating systems, software development skills, and information systems. In addition, it is always a good choice to have a third party review the security vulnerabilities in your information systems.

Below are some of the benefits realized from working with our Penetration Testing Services:

  • Increased information, as well as IT security
  • Pentest Report for your ISO 27001, TISAX® or IATF Certifications
  • Avoidance and/or minimization of damage from cyber attacks
  • Increased awareness of your employees

What are the costs for Penetration Testing Services?

Of course, the cost of Penetration Testing Services varies from company to company. However, we have summarized the available options with the corresponding price ranges. The cost of Penetration Testing is mostly influenced by two factors, which are explained in detail:

  • Size and complexity of your network and company: Of course, vulnerability scanning depends on the number of network components, servers, locations, etc.
  • Test Duration and Method: Black-box, White-box, or Gray-box? Perhaps we want to adopt the “time-boxed” approach. Your exact requirement defines the test duration, thereby the cost.

Overall, the budget requirement for the Penetration Test for a medium-sized company is between 4k-10k€. If you calculate the effort of a cyber-attack, the Penetration Test pays off if you can avoid only an average attack, which is the case in most cases.

If you need in-depth information about Penetration Testing, feel free to request an offer.

Want to learn more about our Penetration Testing Services?

Or do you have any other questions about our services? Then make an appointment with us. It is free of charge, of course, and without any obligation to you.

Penetration Testing Procedure

A typical Penetration Testing Procedure consists of the steps listed below:

    • Customer Meeting (collecting information and discussing the test conditions)
    • Kick-off (scanning of the test scope)
    • Setting up VPN access from a German server to your in-house installation so that all scan results can remain on your infrastructure
    • Vulnerability Scan (scanning of the networks provided by the customer)
    • Manual Exploitations (detection of false alarms, attempt to gain unauthorized access)
    • Scenario Execution (predefined scenarios with or without prior knowledge of systems)
    • Pentest Report (including vulnerabilities discovered and actions taken against them).
    • Final Meeting (presentation of the test report and proposals)
    • Subsequent Examination of whether the implemented measures were sufficient (if necessary) 
Penetration Testing Procedure

International Norms and Standards

What are the different types of Penetration Testing?

Network Penetration Test

If the Penetration Test is about your network, it is called Network Penetration Test. Firewalls, servers, WLANS, VLANS and VPN accesses are tested against security gaps and vulnerabilities.

An assessment of the network infrastructure on-premises and in the cloud, such as virtual system hosts, routers, and switches. A Pentest can be conducted either as an internal Penetration Test, which focuses on resources within the corporate network or as an external Penetration Test, which also targets the corporate network infrastructure that is accessible via the Internet. To plan a test, you need to know the number of internal and external IPs to be tested and the size of the subnet.

Web Application Penetration Test

A comprehensive assessment of websites and custom applications deployed specifically over the Internet, uncovering coding and development errors that could be maliciously exploited. Before embarking on a web Pentest, it is essential to clarify how many applications need to be tested, including the number of static pages, dynamic pages, and input fields to be checked.

Mobile Application Testing

Authentication, authorization, data leakage and session processing. To perform a Pentest, testers need to know both operating system types and versions. In addition, testers can use an app under test, the number of API calls, and the requirements for jailbreaking.

 

0billion €

total damage in Germany 2021

0million

Messages to German Network Operators

0

BOT-Infections of German Systems per day

0

new malware variants per day

We can help in Two Ways

We are here for you to get your Pentest result with less cost and faster.
Do you have any questions about Penetration Testing?
Then schedule a free-of-charge call.

Are you ready to start your Penetration Testing? Then book our vulnerability scan so you know your security gaps and can define the next steps.

Want to learn more about Penetration Testing?

Then take a look at our blog post: Penetration Testing: Everything You Need to Know, where we explain Penetration Testing Services in detail. Or take a look at our FAQ below. Are your questions not explained? Schedule a meeting with us.

 

FAQ

To create a secure access, we need a VPN access, a VM available to reach all subnets, and an AD user for identity and access management checks.

It depends on your network size and requirements. A Pentest can take between one week and three weeks.

It depends, of course, on the complexity of the project. As a result, the cost is between 4-10T€. If you need detailed information about penetration testing costs, ask for an Offer directly.

We use the combination of open source Kali Linux and licensed Tenable Nessus to perform our Penetration Testing.

No, you will not pay any license fees. Our tooling is included on your offer.

Depending on your requirements and audit objective, we offer the possibility to conduct a follow-up audit.

 TISAX® ist eine eingetragene Marke der ENX Association. Die 360 Digitale Transformation steht in keiner geschäftlichen Beziehung zur ENX. Mit der Nennung der Marke TISAX® ist keine Aussage des Markeninhabers zur Geeignetheit der hier beworbenen Leistungen verbunden. TISAX® Assessments, zur Erlangung von Labels, werden nur von den auf der Homepage der ENX genannten Prüfdienstleistern durchgeführt.