Pentesting
Offensive - Defensive
Red Team - Blue Team
Gather Informationen and Draw Conclusions
Information is king and especially in the field of cyber security. Red team and penetration tests provide valuable information. They identify vulnerabilities no matter if they are implementation bugs, misconfigurations, design flaws or even company-wide threats. A proper scoring helps assessing and prioritizing mitigations and consequently hardeing the system.
We aim precisly so that others miss
Penetration Tests aim at different targets and scopes. These include specific APIs, web applications, office IT and infrastructure, embedded systems or industrial components.
Steps of a Pentest
Prepartion
During the preparation the details of the audit are evaluated. For instance we clarify which type of audit is best and which target is affected.
Recon
During the information gathering phase one collects as much information and details about the target as possible. This includes technical details as well as mail addresses or social information that might help to compromise security.
Analysis
After gathering details about the target, the information are analyzed according to their security impact. After prior agreement with the client the identified vulnerabilities might be verified via direct attacks.
Reporting
In the very end, you get a final report that contains all the details about issues, their rating and how to come by. Every issue is prioritized which makes it easier to decide about your next step.
Comprehensive documentation and easy understanding
Every audit ends with a detailed report that summarizes identified vulnerabilities, their impact on the security state as well as corresponding mitigation strategies. In addition to that, the highlights of the report might be presented in front of an audience.
- Final Report
- Vulnerabilities
- Details
- Mitigations
- Exec Summary