Product tests - pentesting products

A penetration test can be used to evaluate the security of IT products. This test conducted by external security experts points out weaknesses which are easily overlooked in the implementation process. A pentest before product release can avoid possible consequential costs. Additionally, the results of a product pentest can be used for advertising and gaining an advantage in competition.

Products being tested

An IT product where security is relevant can be hard- or software. One can distinguish between the test of the specification or the test of the implementation of the product. For example, a software that is used to provide encrypted communication between a bank and its customers should not only be tested on the specification-, but also on the implementation level.

Especially for internet applications product security tests are advisable. Access is often possible from the internet and security holes have usually severe consequences. Not only the users of the product can be harmed, but also the reputation of the product and the product manufacturer.

Increasing demand for security

A growing field for IT security is the area of embedded devices. These devices are used for example in the control system of cars or airplanes, for wireless communication or transaction security for online banking. Due to the growing complexity of these devices the number of attack vectors grows, too. A product security test forestalls attackers in this area and helps closing possible security holes.