What actually is a pentest?
Do you want to perform a penetration test? Here you can find out everything you need to know about it: Which areas can be tested by a penetration test, when it...
Penetration Testing Hamm
Trusted Ethical Hackers Hamm
Our certified penetration testers and IT security experts test IT security from the perspective and with the means of a hacker. A pentest is one of the most effective ways to put your IT security through its paces and then eliminate the vulnerabilities discovered.
Talk to a certified penetration tester!
Your advantages at a glance
With our penetration tests and security audits, Redlings reliably identifies security vulnerabilities that put our customers at risk. Benefit from our experienced penetration testers.
Certified
Penetration Testers
Vendor-independent
and individual
Free
initial consultation
Our Cyber Security Experts
Our IT security experts for penetration testing have many years of experience in conducting security tests. Through regular training and continuing education, they are always up to date.
Who we are
Redlings is a EU/Germany-based company specializing in penetration testing.
With us, you can ensure that your defenses are adequate for the current threats. Through our detailed "hands-on" technical analysis, we can uncover security vulnerabilities that leave customers vulnerable. With our continuous pentesting approach, we work with our customers in the long term to improve the the IT security posture.
Reasons
for a
Pentest
Every Redlings pentest is subject to strict guidelines and ethical principles.
1
Priorisierung von IT-Risiken
With a penetration test you can determine which existing vulnerabilities have the greatest impact on your web applications and network. on your web applications and network. Use your resources and time more efficiently.
2
Compliance requirements
Regulations such as PCI-DSS, but also ISO 27001/2 and others, may require regular penetration tests. Some contractual regulations may also contain such a requirement.
3
Increase the effectiveness of your security investments
Often, our penetration testers uncover unused potential of existing security technologies. The performance of security systems can often be significantly increased as a result.
4
Protect your most important data and the trust of your customers
Company and customer data is considered the lifeblood of a business and can be extremely damaging in the wrong hands. With a pentest, your company can better protect its data assets and, if possible, prevent attacks.
5
Konsequenzen eines Understand Cybersecurity Incidents
Penetration testing gives you unvarnished feedback on the possible consequences of an IT security incident such as a ransomware attack.
6
Training of the internal IT team
The results of a pentest support the own team - e.g. system admins - to avoid some error sources in the future. A penetration test can reveal errors in configuration and programming.
7
Implementation of Security Policy
Are important patches missing or are applications and operating systems not hardened? If your pentesters can show that applications and network areas with good implementation have fewer security vulnerabilities, this often has the effect of motivating them to follow the security guidelines.
8
Detection of vulnerabilities
Penetration tests attack your network and web applications like a hacker would - but without causing any damage. This allows you to find and fix vulnerabilities before the attackers do.
9
Evidence-based investment
Investments in security measures should always be supported with concrete evidence to demonstrate the value to the business. By showing your leadership team the value of an investment, you can justify your need for more resources
.Steps for a Penetration Test
1
Kick-Off
The project schedule is planned and prepared during the joint kick-off meeting. Among other things, the following points will be discussed:
- Reconciliation of contact details
- Test period with start date and end date
- Review of the exact handling and scoope of the pentest
- Technical presentation by the customer (test subject)
- Making technical details available (e.g. documentation of components, accesses)
- Agreement on the environment of the pentest and the exact methodology
2
Penetration Test Execution
Now the security test takes place. Here, it usually consists of one (or more) commissioned test modules.
- Internal Network Penetration Test
- External Network Penetration Test
- Web Application & Web-API penetration test
- Social Engineering
- Wifi Pentest
- Red Teaming
- Cloud Pentests
- Active Directory Security Assessment
3
Report
The test results are compiled in a report. This will include, among others, the sections listed below:
- Summary of the results and description of the framework of the project
- Listing and description of security vulnerabilities found with risk assessment and remediation actions
- Proof documentation on the security vulnerabilities, screenshots if necessary
4
Final Discussion
The penetration test and its result are discussed in a final meeting with all parties involved. We understand very well that the discovered and documented security vulnerabilities are only the first step. Concrete measures for the improvement of IT security must be derived and also implemented.
Let us advise you free of charge!
Check what damage hackers can do to you with a penetration test.
As a pentester and ethical hacker, we emulate attacks on corporate IT using the same tools and methods that criminal organizations use every day in Hamm, Germany, Europe and worldwide.
So erreichen Sie uns
Häufige Fragen
A penetration test, or "pentest" for short, is a security check that emulates an attack by a malicious party on a network or application to identify security vulnerabilities. This test is coordinated in advance and conducted in such a way that no system is damaged. At the end of the test, you will receive a report that includes the problems and vulnerabilities found, along with suggestions on how to fix them.
An IT security audit examines the security of a company's IT systems from a holistic perspective. Security threats can arise not only from attacks, but also from technical incidents, organizational deficiencies or force majeure.
Security audits often take place as part of an ISMS (information security management system) and examine not only technical security elements but also compliance with the company's own standards and guidelines, security processes, employee training (keyword information security awareness) and similar aspects.
Some security audits also include elements of a vulnerability scan.
However, a security audit usually does not go into as much technical detail as a manual penetration test.
Similar to cost, the duration of penetration testing depends on several factors. Penetration testing is a hands-on assessment that does not lend itself to short, quick sprints. At Redlings, we tend to have pentesting projects start at week or so, but many projects can extend over a much longer period of time. extend over a significantly longer period of time.
Unlike penetration testing, vulnerability assessment does not determine in detail whether the vulnerability can actually be exploited or what impact it has. A vulnerability scan usually uses automated vulnerability scanners such as Nessus or even Nmap. Vulnerability scanners only cover standard scenarios and do not take into account the specifics of the IT infrastructure in question.
Vulnerability scans are therefore more of a first step in the technical analysis of vulnerabilities than a complete process for securing systems. They are also often used as part of a security audit or as one of the first steps in penetration testing. In all cases, penetration testing goes further and examines the discovered vulnerabilities in detail.
The pentester attempts to exploit the vulnerabilities and assess the resulting opportunities for the attacker. This helps determine the impact of a vulnerability. Due to the manual nature of a penetration test and the creativity of the pentester, the chances of finding serious vulnerabilities are much higher with professionally conducted penetration tests than with standardized vulnerability scans.
This can vary - depending on the type of pentest. However, the following points are often part of the scope or the mutually reached agreement:
- Target systems (IP/host name) or IP address spaces
- Test periods as well as contact persons
Cloud providers such as AWS, Azure, and Google have provided blanket consent forms for certain areas, but this may vary by provider.
In principle, one must be available if the systems to be tested are not on your own infrastructure.
It is often useful to involve the system managers concerned in the planning process at an early stage
so that the "pentest" is not perceived as an attack but as a potential analysis for improving IT security.
To be honest, we are not interested in showing that we can hack a company,
but to uncover potential for improvement in the IT landscape in a collaborative working atmosphere,
deriving and prioritizing measures and improving IT security as effectively and efficiently as possible.
The terms "penetration tester" (also "pentester" for short), "white hat hacker" and "ethical hacker" are often used interchangeably. The terms "ethical hacker" and "white hat hacker" cover all hacking activity aimed at improving IT security. What they all have in common is that activities that are illegal or do not comply with the Code of Ethics are refrained from.
Formally, a penetration test is only an "ethical hack" with very clearly agreed rules, a formal procedure as well as a defined goal.
Webcasts und aktuelle Beiträge
Cyber Security
Why is Cyber Security so important? Attackers and defenders - when does the cat-and-mouse game end? What measures should you take now to protect yourself from...
Leistungen
Network Pentest
A network penetration test is a security assessment for your organization's internal or external IT infrastructure and exposed network services.
Read More
Web Application Penetration Testing
We examine your web applications and web servers for vulnerabilities.
Read More
Cloud Penetration Testing
Cloud Penetration Testing is a security assessment of one or more systems in a cloud environment (e.g. AWS, Azure, GCP).
Read More
Scenario Penetration Testing
Assess the effecitvness of your prevention, detection and response capabilities against common adversarial tactics.
Read More
Active Directory Security Assessment
An Active Directory Security Assessment includes a forest and domain trust configuration and security review as well as an assessment of conrols for administrative groups and privileged access accounts.
Read More
Red Teaming & Purple Teaming
Assess your organisation's threat detection and response capabilities using a emulated cyber attack.
Read More
Vulnerability Assessment
The Redlings Vulnerability Assessment Service helps you better understand and manage your organisation's cybersecurity risks by providing assistance in identifying, classifying and mitigating them.
Read More
Social Engineering & Phishing Testing
A Social Engineering Security Assessment may range from simple email phishing to sophisticated campaigns using multiple communication techniques including spearphishing, vishing and on-site engagement.
Read More
CISO-as-Service
Redlings provides organizations with top-notch security experts who have years of experience building and running information security programs.
Read More
Governance, Risk & Compliance
Our GRC experts can provide you with assistance delivering your information security project.
Read More
Security Architecture
Our goal is to ensure that your company has fully integrated 'security-by-design' right from the start of the project.
Read More
DevSecOps and SDLC Consulting
Our security experts will infuse security policies, tooling, and practices into your DevOps environment.
Read More