Our penetration tests verify the company’s information security using complex and up-to-date attack techniques. Penetration tests (penetration testing) mainly used manual testing methods. This can reveal more serious vulnerabilities that cannot be detected by vulnerability scans. In addition, this procedure can be used to check logical processes of an implementation and/or aspects related to personnel or organization.
Another key difference to vulnerability scans is the validation and exploitation of vulnerabilities to achieve audit objectives agreed with the client. Possible audit objectives could include:
- Compromising the entire company
- Access to the emails of the management
- Knowledge Theft
In principle, a penetration test can check all areas of information security. The following list represents an excerpt of frequent assessments at HanseSecure:
- Internal network
- Mobile applications
- Web applications and services
- Perimeter protection like IDS/IPS/WAF
- Social engineering (manipulation of employees)
- Industrial or medical IT
- Internet of Things (Smart Systems)
We can cover all kinds of operating systems and programming languages with our team.
This procedure is used to detect deep vulnerabilities that no automated procedure can find because they are multi-level and/or personnel/organizational. Pentesting also offers the possibility to check already selected hedging measures for their effectiveness.
Our team of highly specialized experts in the field of offensive security provides the client with an objective and realistic assessment of how well the company is actually protected against targeted hacker attacks.