Typically, a penetration test at RedTeam Pentesting consists of three phases. Following the initial contact, we conduct a preliminary meeting with you to understand your specific requirements. Based on this information, we provide you with a customised offer. Subsequently, the penetration test is carried out by a team of three penetration testers during an agreed-upon time frame. Finally, the results are discussed jointly with you in a final presentation.

Preliminary Meeting

In a comprehensive preliminary meeting, we work together with you to determine the goals and scope of the penetration test. Due to the wide range of systems that may be the target of a penetration test, each test is unique. With our years of experience and specialization in penetration testing, we can provide competent advice to our clients. It is very important for us to conduct meaningful tests for our clients with the aim of sustainably improving the security level of the tested systems. Therefore, in this initial discussion, we first determine whether a penetration test is the appropriate solution in the given situation and how it can be effectively designed. Additionally, the time frame for the test is estimated. Factors such as the size and complexity of the systems to be tested are taken into account for this estimation. Our goal is to offer and conduct the most efficient penetration test possible. Although potentially more vulnerabilities can be uncovered over a longer period, it has been shown that in many cases, relevant vulnerabilities can be discovered within a few days, resulting in little change to the overall outcome with an extended test duration. Based on the results of the discussion, we then provide you with a customised proposal for conducting a penetration test.

Execution of the Pentest

The penetration test is always conducted by a team of at least three penetration testers, who exclusively work on the respective project during the agreed-upon time frame. During this process, the system to be tested is examined for vulnerabilities based on the attack scenarios developed in the preliminary meeting. In conducting the penetration test, we rely primarily on our years of experience and in-depth knowledge in various areas of IT security. In particular, we search for vulnerabilities manually to ensure that the issues most relevant to you are identified. Moreover, this approach allows us to uncover vulnerabilities that are not solely of a technical nature but are instead rooted in application logic. Throughout the penetration test, there is close communication between the test team and the system operators. A dedicated contact from the test team is available for inquiries throughout the entire test. The penetration test also includes documenting all identified vulnerabilities in a detailed test report. This report contains precise descriptions of all identified vulnerabilities, as well as individual risk assessments and proposed solutions. Additionally, the report includes a management summary, which provides an overall picture of the tested system and thus creates an objective basis for decision-making.

Final Presentation

During the final presentation, the results of the penetration test are discussed with you in a personal meeting. For this discussion, the same penetration testers who conducted the respective test are available. Therefore, besides details about the specific vulnerabilities also the overall picture of the security level gained during the test can be conveyed. The discussion is aimed not only at the operators of the respective systems, such as administrators and programmers, but explicitly also at decision-makers and individuals without technical background knowledge. In a management summary report, we explain the vulnerabilities and the resulting actions needed in non-technical language. Subsequently, each identified vulnerability is demonstrated live. This provides you with the unique opportunity to view your system from an attacker’s perspective. Following the demonstration, based on the demonstrated results, you can make a precise assessment of the prerequisites and implications of the vulnerabilities. With this knowledge, decision-makers can initiate the necessary steps to sustainably and effectively improve security.