
Pentest

The aim of a penetration test (pentest), also called ethical hacking, is to simulate an attack on IT systems in order to verify the security of these systems and of the data stored on them. Because it is a controlled simulation of an attack, a penetration test uncovers security flaws in a realistic way. The spectrum of tested systems reaches from simple online shops to complex company networks. The attack methods are equally varied and range from passive information gathering through targeted attacks from the internet to the identification of weaknesses which can only be detected on-site.

Adapting the penetration test to the demands of the customer guarantees its practical relevance for the client. For this reason, even before a contract is signed, an individual preliminary talk is held with the potential customer, in which possible workflows are introduced.

Pentesting - a vital tool for IT security

In almost all areas where complex systems are used, test phases are a self-evident part of the development cycle. No respectable software company delivers software to its customers without having it tested sufficiently, and no car goes on the road without a crash test. Nevertheless, in the past many companies have implemented systems that are critical for IT security without a final security test.

The company network - a development that needs testing

This IT security deficit in companies results from the misunderstanding that only corporations which develop a product need testing. Companies regularly overlook the fact that their network is a kind of internal product of the company. Nowadays most big corporations conduct pentests at regular intervals. This ensures that changes in their IT infrastructure have not opened new security holes. An increasing number of small companies are now also recognizing this gap in their development cycle and are introducing testing to strengthen their security.

Besides testing networks, RedTeam Pentesting offers specialised product tests to makers of products with IT security relevance. This helps producers to complement their own product testing with competent IT security know-how. Further information on these tests can be found in the product test section.

[Illustration: Pentesting phases (Reconnaissance, Enumeration, Exploitation, Documentation)]

Workflow of a pentest

Despite the individuality of every pentest, the workflow can be categorized into the four phases Reconnaissance, Enumeration, Exploitation and Documentation. During the attack simulation these phases are passed through cyclically multiple times, so that the relevant results can be pointed out in different network segments. Precise information about the separate phases can be found by clicking on the links in the illustration.

More information can also be found in the FAQ, which summarizes frequently asked questions about penetration testing. If there are still questions left, please do not hesitate to contact us.