
Penetration Testing
Identification of hidden vulnerabilities
Overview
What is a pentest?
Penetration tests – or pentests for short – are simulated cyberattacks in which IT security experts identify vulnerabilities and security gaps and then exploit them in a controlled manner in order to assess the associated risks.
Such vulnerabilities arise either from errors in the configuration or programming of the deployed web applications, operating systems, system services, IT infrastructure and cloud services, or simply through risky user behaviour.
In penetration testing, the perspective of an attacker is taken and attempts are made to bypass the existing security mechanisms using the same means and tools.
Among the results of a penetration test is an extensive report outlining the security vulnerabilities found, with recommendations for remediation.
The most important goal of a penetration test should not be to show that a company can be hacked, but to bring in the views and techniques of a real, advanced attacker in such a way that targeted countermeasures can be implemented cost-effectively.
Dr. Ewan Fleischmann — Founder & CEO of RedlingsReasons for a pentest

A penetration test helps to fix security vulnerabilities before they can be exploited by criminals.

A penetration test is an independent audit of the security measures already implemented.

Compliance requirements such as ISO 27001, PCI DSS or GDPR are supported.

Unused potential of existing security technologies is revealed by a pentest.

A penetration test brings transparency to the actual threat situation of your own IT infrastructure.

A pentest supports the prioritisation of IT investments by highlighting IT security risks.
What are the types of penetration tests?
Although it may seem tempting to ask a pentester to „just test everything”, this would probably only lead to a lot of vulnerabilities being found on the surface. Without the appropriate time frame, however, it is not possible to assess the security problems found in depth for relevance and business impact. For a penetration test, we therefore distinguish between different focus areas.

Network Pentest
In a penetration test on a network, internal or internet-accessible addresses or address ranges are checked for signs of security problems. Common questions asked here are:
- How far does an attack get from the outside (e.g. the internet)?
- If someone has access to a network socket/LAN/VoIP connection in the building – what is then possible?
- How well does our firewall withstand an attack? Are there configuration gaps?
- What would happen if an attacker were able to compromise a web server in our DMZ?
Penetration testing for web applications & web APIs
Penetration testing for web applications examines the overall security and potential security risks of web applications, including programming errors, improperly functioning authentication or authorisation, session management, and injection vulnerabilities such as XSS or SQL injection. Related and accessible infrastructure components, such as web or database servers, are likewise included in the penetration testing and examined for vulnerabilities.


Cloud Penetration Testing
Cloud providers such as Amazon AWS, Google Cloud Platform (GCP) and Microsoft Azure offer a high number of services, but generally follow a shared responsibility model. The cloud service provider is responsible for the security of the cloud. This includes the hardware, the back-end infrastructure, and the technical implementation and secure programming of the service. The customer, however, must take responsibility for security in the cloud through proper configuration of the servers and services, the permissions granted, and much more. Often the risk arises from the inadequate configuration of these increasingly complex services. Cloud penetration tests check the security of a cloud deployment. Such a pentest provides recommendations for improving the security of the cloud environment.
Social Engineering Penetration Test
Social engineering is an attack tactic that involves using deception to gain access to information or premises, which is then used for malicious purposes. The most common example of this is the classic phishing scam. In such a penetration test, the pentesters use special phishing tools to test the defence mechanisms, detection and response capabilities. Penetrating physical security zones – past the security team – can also pose a major threat, for example when using a hack box, and can be checked with a penetration test. For obvious reasons, this type of penetration test is bound by strict ethical principles and takes place with very transparent rules.


Mobile App Penetration Testing
The proliferation of mobile apps continues to increase steadily. In the process, business-critical information is often not only transmitted but also stored directly on the mobile device. A mobile app penetration test checks whether an attacker can gain access to company and user data, and whether this leads to further risks for the internal corporate network.
Client Penetration Test
Let’s be honest – most attacks on corporate networks run through a user’s computer and exploit the trio of Outlook & Exchange & Active Directory. Security gaps in system-level applications such as software distribution, and incorrectly configured system services, offer malware such as ransomware excellent entry points into your network. This penetration test is about finding out what options exist after a user has clicked incorrectly, or after an attacker has gained physical access to a client.


Red Team
In a red teaming engagement, the entire defence of an environment is tested. The pentesters often also use social engineering for the initial access to establish a covert command-and-control (C2) channel. While a normal penetration test performs an in-depth analysis, red teaming goes broad in the attempt to reach the agreed objective. A red teaming engagement therefore also tests the capability of your own IT environment in terms of incident detection & response. Red teaming is aimed in particular at companies and institutions that have already reached a high level of IT security maturity.

Individual Penetration Testing
Penetration tests of scenarios, systems and components not listed here include:
- Data exfiltration test
- Security testing of products
- WiFi / WLAN
- VoIP systems
- Active Directory Security Assessment
- Environments with IoT/PLC devices
Do you need a penetration test?
Let’s talk about it today!
Vulnerability scan vs. penetration testing
Vulnerability scanners such as Nessus, OpenVAS or even Nmap are automated tools that examine an IT environment and, on completion, produce a report of the vulnerabilities discovered. The vulnerabilities found are often assigned a CVE identifier through which more detailed information can be obtained. A CVSS risk score (from 1 = low to 10 = critical) is usually given as well.
Such security scanners have large databases with tens of thousands of vulnerabilities. The assessment of the vulnerabilities is generic and, unlike penetration testing, does not take the circumstances of the IT environment into account. Vulnerabilities and configuration errors that are not contained in the database cannot be found.
Nevertheless, carrying out vulnerability scans – ideally frequently – remains a comparatively easy-to-implement and important security measure that gives every company a good insight into the potential vulnerabilities of its own IT infrastructure.
Vulnerability scanners are very valuable tools – but one should know their limits. They work purely signature-based, so unknown vulnerabilities cannot be found. Many configuration errors also go undetected. For example, a penetration test frequently uncovers errors that arise from the interplay of different system services and can lead to administrative rights, as well as logical security flaws, for instance in web applications, which are usually not detected.
How does a pentest work?
Through penetration testing you proactively identify the exploitable security vulnerabilities before anyone else does. Penetration tests are structured, methodical projects. In principle we distinguish the following project phases:
Pentest scoping, planning and preparation
The type of pentest to be carried out and the goals to be achieved are agreed in advance between pentester and client. Usually a joint kick-off meeting for organisational and technical coordination takes place shortly before the start:
- Exchange of current contact information
- Confirmation of start and end date, and any test windows
- Confirmation of the exact project scope
- Presentation of the test object
- Provision of information/access for the testers
- Coordination of test environment, procedures and other conditions
Reconnaissance (enumeration)
In this penetration testing phase, information about firewalls, available network services and IP addresses is evaluated. Depending on the type of pentest, personal data such as names, job titles, email addresses, usernames and current job postings may also be collected from public sources and kept for later phases.
Identifying and exploiting vulnerabilities
In this phase of the penetration test, attempts are made to penetrate the environment, to identify and exploit security vulnerabilities and, for example, to show how deep the pentesters can get into the network. After a vulnerability has been successfully exploited, further reconnaissance usually takes place to assess the newly available options for the next steps.
Report and analysis of the results
The results of the penetration test are compiled into a report. It contains:
- An executive summary of the results with an assessment of the overall risk
- A description of the framework parameters, the methodology and the test object
- A list and description of the security problems uncovered, with a risk assessment and remediation proposals
- Detailed documentation of how the uncovered vulnerabilities could be exploited, step by step
Closing meeting
The results of the penetration test are presented in a closing meeting. The pentesters are personally available to answer specific questions in a shared setting.
Closing security gaps
The necessary corrections should be made to close the gaps revealed by the penetration test.
Retest
The best way to ensure that the corrective measures taken are effective is a renewed penetration test.
Even though the process of a penetration test is methodical and structured, there remains enough freedom for the experienced pentester to track down and exploit vulnerabilities using non-linear approaches.
In a nutshell
Good penetration testing is characterised by exactly the right mix of methodical procedure, powerful tools, an eye for the business use case, experience, and a creative use of knowledge about current attack tactics.
Dr. Ewan Fleischmann — Founder & CEO of RedlingsFrequently asked questions
The terms „pentester”, „white-hat hacker” and „ethical hacker” are often used synonymously. „Ethical hacker” and „white-hat hacker” are, however, broader and describe all hacking activities aimed at improving IT security. What they all have in common is that no unlawful activities, or activities not in line with the code of ethics, are carried out.
Formally, a penetration test is an „ethical hack” with clearly agreed rules, a formal approach and a defined goal.
A pentester uses their knowledge during penetration testing.
The time required for a pentest depends on the scope of the test. Factors that affect the duration include the size of the network or the complexity of the application, whether the test is carried out internally or externally, whether it involves physical penetration testing, and whether network information and user credentials are made available to the testers before the start.
Pentesting should be carried out regularly to ensure effective IT and network security management. A penetration test shows how newly discovered threats or undetected vulnerabilities could be exploited by attackers. In addition to the regular analyses that may also be partly required by compliance regulations, the tests should always be carried out after major changes, such as the deployment of changed or new network infrastructure, new applications and changed security policies.
Many types of penetration test can be carried out remotely, for example via a VPN connection or a hack box. However, some types, such as pentests for wireless networks or pentests on the physical infrastructure, require an on-site assessment by a penetration tester.
Working with a single pentest provider can lead to some vulnerabilities being overlooked, for example due to a great familiarity with the IT environment – sometimes called „operational blindness”. On the other hand, such a pentester can dive straight into depth without any significant onboarding time.
If you are aware of this tension, the right time often arises automatically to bring some fresh ideas and ways of thinking on board, in order to uncover potential new improvements.
A penetration test is a project carried out in compliance with the strictest legal, technical and ethical standards. The tests are designed to identify and safely exploit vulnerabilities while minimising the risk of disruption to business operations. A pentesting project can of course also be carried out in development or integration environments.
As with any business service, the cost of a penetration test varies considerably depending on several factors. Scoping details such as network IP addresses, the complexity and number of (web) applications and employees for social engineering are key factors in determining the project size. A high-quality, professional penetration test carried out by experts usually costs from around €5,000 for a simple application or a simple network.
Vulnerability scanners such as Nessus, OpenVAS or Nmap are automated tools that examine an IT environment and produce a report of the vulnerabilities discovered after completion. The vulnerabilities found are often given a CVE identifier, through which more detailed information can be obtained. An assessment with a CVSS risk score (from 1 = low to 10 = critical) is usually also provided.
While vulnerability scans provide a valuable picture of the potential security weaknesses, penetration tests add context by showing whether the vulnerabilities could be exploited to gain access to your environment.
Penetration tests should not be seen as an obstacle to overcome and simply ticked off as „done” once carried out. On the contrary: evaluating the results of a penetration test is a good opportunity to discuss and review the current situation and planning for IT and IT security.
A black-box approach to pentesting means that a pentester receives no internal information about an environment in advance. In a white-box approach, the pentester receives the internal details in advance. A grey-box penetration test lies somewhere between a white-box and a black-box pentest.
Depending on the question to be answered, one approach or the other is more suitable. A white-box approach, in which the internal technical details are openly available, often leads to a more cost-effective procedure than a black-box approach. A white-box model is recommended for most pentests.
Our pentesters’ qualifications







Why Redlings?
A trustworthy partner
- A transparent approach
- A detailed report with recommendations for remediating the vulnerabilities found
- Comprehensive support after the test for effective elimination of the identified risks
Certified and experienced
- Experienced and certified pentesters
- In-depth threat analysis and consulting
- A deep understanding of how hackers work
- Execution according to recognised standards (BSI, PTES, OWASP, PCI DSS, OSSTMM, NIST)
Your contact

Dr. Ewan Fleischmann
Founder & CEO
- Over 15 years in IT security
- Advising SMEs, DAX corporations and financial institutions
- PhD in cryptography with 15+ international publications in IT security
- SANS Advisory Board Member
- 20+ certifications, including CISSP, OSCP, OSCE
Have we sparked your interest?
Simply give us a call or send us a message!

