Menu
Cyber Security
Back to previous page

Penetration Testing

Don’t let vulnerabilities become a risk for your business success

IT networks and applications are constantly being adjusted to fit new requirements, and are becoming increasingly complex over time. The technology used presents a target for cybercriminals and internal attackers.

Regardless of how carefully the preventive elements of a security infrastructure are chosen and implemented, penetration testing is the only way to prove their effectiveness and the achieved level of protection.

In a penetration test, we assume the role of an internal or external attacker. We initiate targeted attacks against networks, systems and applications via the internet, in the local network or directly on the targeted systems, in order to uncover vulnerabilities. We then suggest solutions to close these gaps in your security.

Do you have any questions?

We look forward to hearing from you if you have any questions on these topics.

 

CONTACT US

Our Portfolio

The tests are performed according to a transparent method based on the specifications of the German Federal Office for Information Security (BSI) and the standard of the Open Web Application Security Project (OWASP).

How you benefit 

A penetration test allows you to detect operative risks and provides you with criteria for selecting effective and efficient protective measures. The test is an important element of a functioning security process and covers the following aspects: 

  • Investigation of known and unknown vulnerabilities 

  • Analysis of IT infrastructure security and compliance

  • Definition of measures to enhance the security of IT systems and applications

  • Third-party verification of your IT security

IT security pentesting eng diagram
Why SVA?

  • In our testing activities, SVA only uses experienced and qualified specialists with many years of experience in penetration testing

  • These testers are certified Offensive Security Certified Professionals (OSCP) and Offensive Security Certified Experts (OSCE)

  • After the test, you receive a qualified final report created by the SVA tester

  • This can also be presented to relevant third parties as it is easy to understand and follow

Network Penetration Testing

As digitalization continues to progress, IT resources are becoming increasingly interconnected. This makes more and more applications and interfaces accessible, and thus vulnerable, from the network. In a network penetration test, SVA penetration testers investigate the typical vulnerabilities of a network, both via the internet and from within the company network. In doing so, our testers simulate both external and internal attacks on an IT infrastructure. The aim of the penetration test is to quickly provide a comprehensive overview of the current IT security level – as well as recommending measures.

WLAN Penetration Testing

Wireless local area networks (WLANs) are extremely popular thanks to their high data rates, cost efficiency, flexibility and ease of use. They also present a significant security risk, as they transmit data wirelessly without any physical protection. Because they offer a wireless point of access to the internal network, WLANs need a particularly high level of protection. We analyze the WLAN infrastructure for typical vulnerabilities and attack them. All available networks, including guest access, for example, are included in the test. 

Web Application Penetration Testing

Web applications are increasingly provided to staff, partners and customers online or within the company network. SVA offers a special test for these web applications. We analyze the applications for typical vulnerabilities and logical errors. The examination covers both standard software and applications developed in house, and can be conducted both with and without access to the source code. During these tests, we always consider the ten most common security risks for web applications according to the Open Web Application Security Project (OWASP Top 10). The content and scope of the test are based on the BSI standard.

Mobile App Penetration Testing

In many organizations, mobile apps have become an established part of the IT infrastructure and are used for business-relevant processes. In most cases, mobile apps also offer access to customer information. This can present a data protection risk if not secured sufficiently. Our penetration testing experts test both Android and iOS apps on a daily basis. The test begins with an analysis of the documentation, in order to gain an overview of how the apps work and where the potential vulnerabilities could be. Building on this, we consider the ten most common security risks in mobile applications according to the Open Web Application Security Project and conduct both dynamic and static tests (code review).

Internet of Things (IoT) Penetration Testing

Homogeneous company networks consisting solely of IT components are a thing of the past. Today, controllers for production systems, building services, medical engineering, cash register systems and many other smart systems can be found in numerous networks, and many of these are also connected to the internet. Although these IoT systems offer countless new opportunities, they also present another target for attackers. While critical IT systems are typically located in access-controlled areas, IoT devices are often easier to reach. That is why SVA offers special testing for these. Our penetration testers begin by looking at the system’s documentation, in order to get an idea of how it works and where the potential attack vectors could be. An analysis of the hardware, software, network components, web applications and wireless protocols used is then conducted so that each of the system’s interfaces is considered.

Active Directory Penetration Testing

The active directory forms the backbone of an IT network infrastructure and is a key focus for attackers. If the active directory is compromised, this presents a significant threat to a company, potentially causing production downtime, data loss and often a loss of reputation. Securing the active directory is therefore absolutely vital. In an active directory penetration test, our experts try to extend their rights as normal domain users. The goal is to completely take over the domain. To do this, the experts conduct attacks and use tools currently employed by hackers. This gives them a realistic idea of the current security level of your active directory. 

Cloud Penetration Testing

Network components and applications are increasingly being outsourced to the cloud instead of being operated on premises. Concepts like SaaS (software as a service) and managed services are driving this development even further. The cloud also offers needs-based scalability. We examine the security of your applications and communication components such as message queues or API interfaces in the cloud, so that you can not only map your business processes reliably, but protect them, too. 

Physical Penetration Testing

A company’s security is not just relevant at the level of the IT systems: Security of access to sensitive areas such as office, server or storage rooms also needs to be examined. Today, these are no longer kept merely under lock and key – electronic locking systems are ever more common. Solutions like using employee ID for authentication allow these to be used extremely dynamically and flexibly. We test the security of these locking systems, so that your doors remain locked to attackers who have issued their own access card.

Any Questions?

If you would like to know more about this subject, I am happy to assist you.

Book an appointment
Mark Sobol
Mark Sobol
Head of Business Line Cyber Security