Penetration testing as an integral part of your security concept
Penetration tests, often simply called pentests, give your company a detailed picture of the resilience of your IT against attacks.
Our experts carry out an attack using the same tools that professional attackers use in real attack scenarios.
Basically, penetration tests are divided into two categories:
Black box test
Whitebox test
In black box testing, the pentester conducting the test is only informed of his target object. The tester must obtain further information about the target himself during the course of the attack.
The advantage of this method: You find out which information about your IT is publicly available. The attack simulates a perpetrator without internal know-how from your company.
Disadvantage of this method: In many cases, serious attacks on companies are carried out by insiders. They often have access to a lot of important and sensitive information, which greatly facilitates the attack. A black box test does not depict this scenario.
A black box test is therefore often followed by a white box test. This provides the tester with further information about the target object. This can include Internet access points, IP addresses, DNS names, software versions used, company organizational charts, etc.
Automated vulnerability scans
Eine weitere Analysemethode, die Informationen über potentielle Schwachstellen in Ihrer Infrastruktur aufdecken kann, sind automatisierte Schwachstellenscans.
Weitere Informationen zu diesem Thema finden Sie hier.