P | INTERNET
We check your systems accessible via the Internet. This can be for example the VPN gateway, Citrix or mail server. We check the exposed services for vulnerabilities and try to gain access to one of the servers if and to continue working from there into the internal network.
P | LAN
In the P-LAN module, mainly the internal network structures are checked. How is your switch infrastructure secured? Do you use vulnerable protocols? Are there ways to break out of a corresponding VLAN? Etc. We also offer to check the security of your existing protection mechanisms such as intrusion prevention or network access control systems.
P | RADIO
We check your radio-based services such as Wi-Fi or Bluetooth systems. Is the Wi-Fi visitor network properly disconnected from the production network or do you have weaknesses in encryption or authentication?
P | WEBSERVICE
In the P-WEBSERVICE module, a Web application is checked for weaknesses such as SQL Injection, Local/Remote File Inclusion or Cross-Site Scripting. We process the complete list of OWASP TOP 10. A web application can be the online shop you run or your corporate website.
P | APPLICATION
Part of the P-APPLICATION module can be an independent application such as your ERP system or an individual app. A possible test object would be checking for an extension of rights. For example, is it possible to manipulate or steal data from the application? We also check applications for programming errors such as stack and heap overflows.
P | SOCIAL
A social engineering test can be used to check the safety awareness of your employees. We distinguish between human based and computer based social engineering. One possible approach would be to obtain confidential information through phishing calls or to place ‘spyware’ on the target systems through targeted phishing attacks. Data protection plays a very important role for us – all personal data is completely deleted after completion of the tests. Today’s professional attacks include in most cases a social engineering attack. An attacker will always take the path of least resistance. If your systems are very well secured, an attacker tries to gain access from your company’s employees in a second step. For this reason, sensitisation and regular testing are nowadays an important aspect.
P | RETEST
A retest should always be part of a penetration test. The retest checks whether all weaknesses discovered in advance have been properly remedied.
Suitable for entrepreneurs and IT managers who want to know the security of their existing IT infrastructure.