With our penetration tests, you achieve a comprehensive picture of how you are positioned in the face of real attacks. In addition to technical information on vulnerabilities and their remediation, we also highlight the specific threats to your operational business and provide strategic recommendations for measures to improve your security level sustainably.
Why does your company need a penetration test from Allgeier secion?
We have a highly experienced team of experts.
Our penetration testers perform more than 100 pentests per year and look back on more than 50 years of pentesting experience. Through meaningful certifications (e.g., OSCP, OSCE, OSWE), regular training, and internal research, we ensure an excellent level of competence of our pentesters and continuously expand it. We base our test procedures on established standards and security research projects (e.g., PTES, OWASP) and constantly adapt them to IT security research's latest developments.
The above-average quality standard of our result reports
The quality and scope of our audit results reports far exceed industry standards. This gives you a comprehensive picture of how you are positioned in the face of real attacks. In addition to technical information on existing vulnerabilities and their remediation, we also show you the specific threats to your operational business and provide strategic recommendations for measures to improve your security level sustainably.
Clear and easy-to-understand recommendations for action
Our pentesters assign the findings to different vulnerability categories and analyze their distribution, allowing conclusions to be drawn about their origin. Based on all the information, our experts formulate easy-to-understand, prioritized recommendations for action that can be implemented immediately. This ensures optimum knowledge transfer to our customers - intending to prevent the recurrence of similar vulnerabilities permanently.
Read the whitepaper now!
Data, Facts Backgrounds!
The eight most frequently asked questions about penetration testing.
1. Which pentest procedures does Allgeier secion offer?
We offer all variants of penetration testing. In addition to the white box, black box, and grey box audit methods, this also includes, for example, the internal perpetrator simulation, the social engineering audit, the phishing simulation, and red teaming. As part of a full-scope security audit, we examine technical aspects and the crucial elements of your physical, organizational, and process-related IT security.
2. Do Allgeier secion pentesters have meaningful certifications and proof of experience?
Yes, our Offensive Security Consultants not only possess meaningful certifications (e.g. OSCP, OSCE, OSWE), but also ensure and continuously expand their market-leading level of competence through regular training and internal research. In addition, we base our test procedures on established standards and security research projects (e.g. PTES, OWASP) and adapt them to developments in IT security research at any time.
3. What is the more suitable pentesting method for my company? - Externally or internally (for example as an internal perpetrator simulation)?
Basically, this depends on the points in your company at which attackers can achieve success or penetrate most quickly. Internal networks often have no or barely functioning mechanisms for attack detection, carelessly maintained or undocumented systems, and far too generous authorization assignment. If such IT security gaps exist, it is very easy for attackers to gain control of the entire IT environment in a short time. In order to give you a valid statement of which procedure is suitable for you, please contact us via our contact form.
4. How long does a pentest take and how much do I have to invest for it?
The scope and investment level depend on the type of inspection and the infrastructure to be inspected. Contact us for further information.
5. Do I have to expect restrictions in the availability of my systems if I have a pentest carried out by Allgeier secion?
No. Our IT security checks are carried out by our experts in such a way that no impairment of your IT infrastructure takes place or is to be expected. For further information, please contact us.
6. Does Allgeier secion also provide me with proof of the pentest that I can use as an advertising measure for my clients and customers?
Yes, we will be happy to provide you with written proof of the quality level of your IT security as part of a retest, which you can use flexibly for your marketing.
7. Is there a face-to-face discussion of review results in addition to documentation of results?
Yes. The results of our audits not only include detailed documentation of your vulnerabilities and the exact remediation measures, but also go well beyond the industry standard in scope. At secion, this always includes a personal meeting and discussion of your findings in order to provide you with an optimal knowledge transfer for optimizing your IT security.
8. Can I also have Allgeier secion perform non-technical IT security checks, for example social engineering audits or a phishing simulation?
Yes. Through a social engineering audit and phishing simulations, our IT security experts provide you with a precise catalog of measures to increase your IT security at a non-technical level, such as concerning the IT security awareness of your employees. In addition, it often makes sense to combine an internal perpetrator simulation with social engineering elements to test compliance with internal policies or the effectiveness of your physical protection measures.
The three phases of a penetration test
Step 1: Information collection
Research publicly available sources for DNS names, RIPE records, blacklist records, metadata analysis, and contact information.
Target:
Determine the external image of the company from the attacker's perspective.
Step 2: Initial identification of security vulnerabilities
Identify vulnerabilities through automated scanning.
Target:
Further identification of IT security vulnerabilities via reachable services, open ports, reachable applications, known vulnerabilities and misconfigurations.
Step 3: Vulnerability analysis
Verification by the pentester whether the vulnerabilities are exploitable (exploits) and with what effort.
Target:
Risk assessment of the potential damage.
We commissioned Allgeier secion's cybersecurity experts to conduct a penetration test. Among other things, they checked provided services accessible via the external IP addresses at the time of the tests. By implementing their recommendations to eliminate the identified IT vulnerabilities, we could significantly increase our security level.
That's why you should commission us with a penetration test now!
Our audits' results include the technical documentation of vulnerabilities and remediation measures and go well beyond industry standards in the scope of the report.
Based on all the information, we also formulate strategic recommendations for preventing the recurrence of similar vulnerabilities permanently.
To provide you with a vivid picture of your security level, our Management Summary:
- An analysis of the damage potential, which shows the substantial impact on your business operations.
- An analysis of the probability of attack, in which we include our knowledge and experience of potential perpetrator groups. In addition to the results report, we also provide you with all findings in the form of an action plan table, making it much easier to coordinate and track remediation measures.
Increase your company's resilience now with a penetration test! Our security consultants will be happy to inform you!
Call us at: +49 (0) 40 / 38 90 71 – 0 or send us an e-mail: info@secion.de
How much does a penetration test cost?
Download our whitepaper on this topic now!
