We are here to answer quickly, effectively, and reliably! On this page, you will also find answers to frequently
asked questions about our PenTest process. If you don't find a suitable answer to your specific question here,
feel free to write us a message on our contact page.
Also known as PenTest, is penetration testing are planned and permitted attacks on systems to simulate malicious attacks to identify vulnerabilities and potential problems in target systems. Thereby, testers are expected to think and act like real attackers in order to obtain realistic results.
The attacks are documented, and the results evaluated to provide a risk assessment and necessary actions to address the identified vulnerabilities.
First, we jointly define the scope and nature of the tests (scoping) and then submit an appropriate proposal.
After approval, we start the tests at the agreed time, try to discover vulnerabilities, exploit them if necessary (exploit) and evaluate the possible impact (system takeover, data theft, manipulation, etc.).
Finally, the customer receives a detailed technical report and a management summary. Both are discussed in a joint debriefing session.
The time required at the customer/client is usually very low.
During the tests, the testers act autonomously and would only point out if already identified vulnerabilities indicate imminent danger.
In total, the effort on the customer side is very manageable and amounts to only a few hours. Of course, this also includes the debriefing.
In our scoping interview, which lasts about 30 minutes, we discuss the scope of the project.
Which scenarios should be covered? For this, we need information on whether, for example, we should check their public attack surface, simulate the attacker in the internal network, or specifically test web services or digital products.
On the one hand, you get a comprehensive and technically detailed report on risks and vulnerabilities with corresponding recommendations for action, and on the other hand, you get a management report where the results are summarized in a less technical way and provided with a risk assessment.
We delete all information from our systems after a defined period of time.
We do not have fixed prices, which means that each customer order is individual.
We will be happy to make a scoping meeting with you in order to be able to make a tailor-made offer.
Just get in touch with our team. We will get back to you as soon as possible to answer the rest of your questions.