In a Penetration Test or Pentest, we perform a comprehensive security test of all the relevant components of your network and/or web server.

The structures that we test vary greatly, and so do our approaches by which we perform the test; but for a comprehensive security test, the following procedure has proved to be the most useful:

  • Definition of the test objectives
  • Definition of the objects to be tested
  • Information collection
  • Testing for vulnerabilities
  • Documentation of the results
  • Discussing the results

As the server infrastructure as well as applications are adapted every so often in most cases, periodic testing is advisable (e.g. annually, after major updates, after changing the infrastructure etc.)

The range of topics observed closely during a standard test is as follows:

  • DNS server competent for the offer (Nameserver)
  • Mail server competent for the offer
  • Web and application server
  • Search for other servers of the customer
  • Testing of external service providers (Newsletter ASP, Payment Gateways etc)
  • Customer’s website

The tests performed on the website are as follows:

  • Susceptibility to SQL Injection
  • Susceptibility to XSS / Cross Site Scripting
  • Search for files and folders with contents not intended for the public
  • Search for errors in the application, which allow output of non-public data or execution of programs on the server
  • Search for misconfiguration (Directory Listing, SSL configuration)
  • Security of the customer data (Logins, Sessions, encryption etc.)

The test report comprises 35-45 pages and offers background information for all tests and results, in addition to classification from “Good” to “High risk” for each criterion.

The tests can be performed as Blackbox, Graybox or as Whitebox Tests; according to whether we have no data, some data or detailed data from you about your network and your infrastructure.

We can, of course, even test only specific sub-areas, if so requested.

Just call us on  044 586 64 68 for an obligation-free consultation.

Dieser Text ist auch verfügbar auf: DE