Penetration test - what is it actually?

laokoon red teaming

What is a penetration test?

PenTest, penetration test, vulnerability assessment, vulnerability analysis - many terms that sound different. In practice they are often used interchangeably and describe something similar: the professional examination of IT systems for vulnerabilities.

A penetration test aims to analyse an IT system, for example newly developed software, for vulnerabilities in a structured manner and to report these to the system managers.

The system managers then use this information to rectify the identified vulnerabilities. In this way, IT systems can be protected against hacker attacks.

What types of penetration test are there?

There are at least as many types of penetration test as there are types of IT system. Put the other way round: every IT system can have vulnerabilities, so every IT system should be examined for them as part of a pentest.

Accordingly, a penetration tester needs a wide range of different skills and specialisations.

Types of pentests

  • Web application penetration test, or web app pentest for short. This is the examination of individual applications that are accessed via HTTP(S) and are reachable over a network. Examples include online shops and platforms.
  • API pentest: Many applications and smartphone apps use APIs, which require their own test approach (authentication and authorisation per endpoint, input handling, rate limiting).
  • Network penetration test: Internal company networks, DMZs and external network access points must be checked regularly. This examines not only whether the principles of network separation have been implemented securely, but often also whether attackers can spread within the network (lateral movement).
  • ActiveDirectory pentest: ActiveDirectory plays an important role in authentication and authorisation in companies of all sizes. Misconfigurations can have serious consequences, up to full domain compromise.
  • Desktop and server applications: Local applications are often misconfigured or insufficiently hardened and can be abused by an attacker with few user rights to gain elevated privileges.
  • IoT: IoT devices and their applications require special hardening in order not to pose a risk. The supply of updates is often patchy, so the devices must not become a security risk even after a long time without updates.
  • Cloud and containers: Whether Kubernetes, LXC or Docker, whether AWS, Google Cloud or Azure - cloud environments, container solutions and orchestration platforms have their own classes of misconfiguration (over-privileged identities, exposed management interfaces, container escapes) and are tested accordingly.

Classification of a penetration test

Following the recommendation of the BSI (the German Federal Office for Information Security), we classify penetration tests by the following criteria:

Information basis

Is the penetration test carried out

  1. without prior knowledge (black box)
  2. with partial prior knowledge (grey box)
  3. with extensive prior knowledge (white box)?

Test object

Is the object of the penetration test

  1. an application
  2. a network
  3. physical access?

Aggressiveness

Should the penetration test be carried out

  1. aggressively (possibly quicker, but with a higher risk of disrupting the target systems)
  2. cautiously (only vulnerabilities whose exploitation will not impair the system are exploited)
  3. passively (vulnerabilities are identified but not exploited)
  4. or in a weighed-up manner (the risk of each exploitation is weighed against its benefit)?

Scope

Should the penetration test be complete, limited by factors such as budget or time, or focused on specific weak points or components?

Procedure

Should the penetration test be carried out openly (extensive log entries and alerts are not a problem here, and the defenders are in the loop) or covertly?

Starting point

Should the test be carried out from outside, from the DMZ or from inside? Is a separate test network provided?

Techniques

Which techniques should be used when carrying out the penetration test? Does the scope include social engineering or physical access?


These techniques play no role in application penetration tests. As a rule, our penetration tests focus on network access; physical access and social engineering are used mainly in our attack simulations.


What is the difference between an automated vulnerability scan and a penetration test?

Automated vulnerability scans are carried out with so-called vulnerability scanners.

Predefined network sections are scanned for known vulnerabilities and misconfigurations. If widely used software, for example from Microsoft, is deployed in the company, vulnerability scanners often recognise from the reported version number whether the software is affected by known vulnerabilities. In this case, an update is usually recommended.

Detection is based on check scripts (plugins), which the manufacturer of the respective vulnerability scanner updates regularly. Most of these checks compare versions or banners rather than actually exploiting the vulnerability, so a match based on the version number alone can be a false positive, for example when a distribution has backported the fix without changing the version string.

A vulnerability scanner, by contrast, can usually do very little with customised or self-developed software. It may recognise individual misconfigurations, but it has no signature for the application itself and cannot examine its logic, authorisation model or business-specific flows.
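As an added illustration (example code written for this page, not a scanner vendor's or laokoon's code), the following Python sketch shows how a version-based check works and where it fails. The product names, banners and the check identifiers EXAMPLE-0001 and EXAMPLE-0002 are constructed for the example and correspond to no real software or CVE.

```python
"""Version-based vulnerability detection, as an automated scanner does it.

Added example: the product names, banners and check identifiers below are
constructed for this illustration and do not refer to real software or CVEs.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Check:
    check_id: str        # hypothetical identifier, not a real CVE number
    product: str         # product name as it appears in the service banner
    fixed_in: tuple      # first version that is no longer affected


# Constructed check table (a real scanner ships thousands of these as plugins).
CHECKS = [
    Check("EXAMPLE-0001", "ExampleSSH", (8, 4)),
    Check("EXAMPLE-0002", "ExampleHTTPd", (2, 4, 50)),
]

# "Product_1.2" or "Product/1.2.3", followed by an optional suffix such as "p1".
BANNER_RE = re.compile(
    r"^(?P<product>[A-Za-z]+)[_/ ](?P<version>\d+(?:\.\d+)*)(?P<suffix>\S*)"
)


def parse_banner(banner):
    """Return (product, version tuple, suffix) or None if the banner is unknown."""
    m = BANNER_RE.match(banner.strip())
    if m is None:
        return None
    version = tuple(int(part) for part in m.group("version").split("."))
    return m.group("product"), version, m.group("suffix")


def version_lt(a, b):
    """Compare version tuples of unequal length, e.g. (2, 4) < (2, 4, 50)."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))


def scan_banner(banner):
    """Match one service banner against the check table."""
    parsed = parse_banner(banner)
    if parsed is None:
        # Custom or self-developed software: no signature, so nothing is found.
        return {"product": None, "version": None, "findings": [],
                "note": "unrecognised banner: no version-based check possible"}
    product, version, suffix = parsed
    findings = [c.check_id for c in CHECKS
                if c.product == product and version_lt(version, c.fixed_in)]
    note = ""
    if findings and suffix:
        # Distributions often backport fixes without bumping the upstream
        # version, so a banner-based match here may be a false positive.
        note = "vendor suffix present: fix may be backported (possible false positive)"
    return {"product": product, "version": version, "findings": findings, "note": note}


if __name__ == "__main__":
    # Constructed banners, as they might be collected from a network scan.
    for banner in ["ExampleSSH_8.2p1 Debian-4",
                   "ExampleHTTPd/2.4.52",
                   "ExampleHTTPd/2.4.41",
                   "AcmeShop-Portal (custom build)"]:
        print(banner, "->", scan_banner(banner))
```

The two cases that matter for the comparison with a manual test are the last two banners: the vendor-suffixed version is flagged but may already be patched, which a tester has to verify by hand, and the custom application produces no finding at all because there is no signature for it, not because it is secure.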

In this case, it is necessary to commission a professional penetration tester with the investigation. They often find vulnerabilities that a scanner would not have recognised.

It is therefore important to be able to distinguish the added value of manual penetration tests from the output of automated vulnerability scanners.

We recommend that you regularly analyse your systems with automated vulnerability scanners, for example on a weekly basis. Whenever you introduce a new IT system into your organisation, you should additionally have it examined in a manual penetration test.

Our PenTest
Specialisations

Penetration tests require specialised knowledge. There is no such thing as a one-size-fits-all pentest: each type of penetration test requires its own expertise.

ActiveDirectory

With our expert knowledge of ActiveDirectory environments, we detect dangerous misconfigurations and design flaws. We show you how attackers with access to an internal network can work their way up to your domain controller by abusing ActiveDirectory misconfigurations and vulnerabilities, so that these can be eliminated before real attackers exploit them.

Web applications

Web applications can be a gateway into your DMZ. We find vulnerabilities and not only check for the OWASP Top 10, but also think outside the box.

APIs

APIs can be found almost everywhere these days - whether in web applications or in interaction with applications on smartphones. Testing APIs requires special expertise, which our hackers can provide.

Desktop and server applications

Classic desktop and server applications, whether written in Java, Go or .NET - we analyse and thoroughly test your applications so that neither you nor your customers are exposed to any risks.

Cloud, clusters and containers

Whether Kubernetes, LXC or Docker - whether AWS, Google Cloud or Azure. We test your cloud environments, container solutions and orchestrations for vulnerabilities. With our specialist knowledge of the cloud and our expertise in hardening container applications in the cloud, we support you in secure operation.

Networks

The world is networked - and with it come security risks. We analyse network infrastructures for vulnerabilities. Could attackers break out of your DMZ? Are there weak points in the network separation? We find the gateways!

IoT

IoT devices and their applications require special hardening in order not to pose a risk. The supply of updates is often patchy - the devices must not pose a security risk even after a long time without updates.

Our offensive services reveal the weak points:

Cyber Security Assessment (CSA)

Our core business and passion: We analyse your systems and applications in line with your needs, document the current status and show you how it works,


Penetration tests

Penetration test - we find the weak points in your systems. During a penetration test, we check your technical and organisational security measures,


Attack simulation

Unlike a penetration test, our attack simulations do not focus exclusively on technical measures, but primarily on
