Penetration Testing

Cyber attacks are steadily increasing and can have catastrophic repercussions. The potential consequences are data loss, failure of critical systems, loss of customer trust and high costs for repair of damage. In order to avoid this, it is necessary to put your own IT security measures to the test on a regular basis. This applies in particular to companies from sectors such as health care, financial services, energy, and e-commerce.

We offer professional penetration testing services to uncover your vulnerabilities before they can be exploited by cybercriminals. Our certified pentesters work closely with your team to demonstrate best practices for resolving your vulnerabilities.

Benefits of Penetration Testing

Robust IT security increases your business value.

Risk Mitigation

Our penetration tests are the most effective way to detect shortcomings in your IT security

Return on Investment

At the end of your penetration test, you know exactly where your IT security budget should be used most effectively

Compliance

Our penetration tests meet the requirements of relevant standards such as PCI DSS

Strengthen Customer Trust

Regular IT security audits strengthen your customers' trust in your company

Data Protection

We quantify your risk for the accessibility of internal systems and confidential information

Business Continuity

In the event of a cyberattack, you will be able to maintain uninterrupted business operations

Our Penetration Testing Approach

Our penetration tests are carried out in 6 phases and follow the Penetration Testing Execution Standard (PTES).

In a preliminary discussion, the framework parameters of the penetration test are determined. This phase is used to align the effort with the number of systems to be examined. Any adjustment of the required working days is verified here.

The aim of this phase is to find out as much as possible about the network structure. In a penetration test, we use both automated and manual tools to map the network structure. For further discovery, we use port scanners and other tools to detect operating systems and services.

The objective of this phase is to actively search for vulnerabilities using the information identified in phase 2. We examine your publicly accessible systems such as firewalls, VPN gateways, routers, DMZ systems, web servers, mail systems, etc. for security vulnerabilities. We use automated tools (vulnerability scanners) and manual methods.

In this phase, the vulnerabilities found in phase 3 are analysed and assessed according to their risk. The aim of this phase is to classify vulnerabilities into risk levels and to define corrective measures. The risks identified can be used for active intrusion attempts and serve as the basis for report generation.

In phase 5, active intrusion attempts are carried out according to real-life attack procedures. Optional elements of this phase are brute-force attacks or takeover of a system through remote sessions.

At the end of the penetration test, we will provide you with a final report. This report will provide you with very detailed and clear information about the vulnerabilities found and enable you to take the necessary steps to remedy them. Of course, all information will be treated confidentially.

Our Pentesting Offer

We carry out various penetration tests for you. We determine the information basis (black box, grey box or white box test) and testing depth individually with you.

This penetration test aims at your external infrastructure. Our pentesters replicate the same type of attacks that hackers use by finding and mapping vulnerabilities in your external infrastructure.

Our web application penetration testing includes manual and automated methods to identify vulnerabilities, security gaps or threats in your web applications. Our penetration testers simulate attacks from an attacker’s point of view, e.g. through SQL injection tests. The main result is the identification of security vulnerabilities in the entire web application and all its components (source code, database, back-end network).

In contrast to a traditional penetration test, the Cloud Service Provider (CSP) owns the entire technical infrastructure. Because you only use the service, your ownership is limited to your data stored there. Thus, there are some challenges to overcome before we can start penetration testing. These challenges are both technical and legal in nature. We see ourselves as a Next-Generation Managed Security Services Provider and therefore offer you special pentests for cloud environments. We support both AWS and Microsoft Azure.

Certifications

All penetration tests are conducted by a GPEN-certified Cloud Cape Senior Security Consultant.

Standard Penetration Test

Verification of your protection measures at network level
4480 €* approx. 4 days of testing
  • Planning Meeting
  • Information Gathering
  • Scanning of Network
  • Threat Analysis (Network)
  • Intrusion Attempts
  • Final Report

Advanced Penetration Test

Verification of your protection measures at network and application level
6720 €* approx. 6 days of testing
  • Planning Meeting
  • Information Gathering
  • Scanning of Network
  • Scanning of Applications
  • Threat Analysis (Network)
  • Threat Analysis (Applications)
  • Intrusion Attempts
  • Final Report

Cloud Penetration Test

Verification of the protection measures for cloud-based networks and applications
7125 €* approx. 6 days of testing
  • Planning Meeting
  • Information Gathering
  • Scanning of Network
  • Scanning of Applications
  • Threat Analysis (Network)
  • Threat Analysis (Applications)
  • Intrusion Attempts
  • Final Report

Request sample report

Get a sample copy of a detailed final report directly into your e-mail inbox. Thus, you can get a good overview of our offer. Our final reports contain the following core components:

  • Executive Summary
  • Complete list of all automatic and manual test measures performed
  • Detailed descriptions of all identified technical risks
  • Detailed evaluation of weaknesses and potential effects in the respective context
  • Multiple approaches to remediation

FAQ

Do you have any questions about our penetration tests?

The price depends largely on the scope and complexity of the test. You can find out more in our blog article. Please contact us for a non-binding offer for your individual project.

This depends on a variety of factors, such as how big your environment is and how often it changes. Last but not least, it also depends on your budget constraints. We are happy to advise you on solutions that focus on the most critical assets and can be implemented on a smaller budget.

We carry out our penetration tests according to the latest state of the art and with the necessary care in order to prevent disruptions to ongoing operations. Typically, we also agree with our customers on a carefully weighed test intensity.

Like a pentest, a vulnerability scan is a very reasonable IT security measure, but it is less in-depth and is performed exclusively by automatic scanning tools. For more detailed information, please visit our blog.

In order to ensure a smooth procedure, you have to take on some of the framework services. This includes, for example, the provisioning of a contact person and the prior notification of users. Before the start of the test we will of course inform you about all your obligations to cooperate.

The time window of active testing during a penetration test should not be greater than one week. If a very high effort is required, a suitable penetration test team should be used.

A professional penetration test by Cloud Cape IT Security requires a certain amount of preparation time. This is typically 2-4 weeks.

We follow the Penetration Testing Execution Standard (PTES), OWASP and other industry standards.

Optionally, we would be happy to carry out a control test for you.
