Security Analysis and Penetration Tests

Data and information protection comprise more than just the security of individual components – a profound knowledge of the existing IT structure is indispensable. To be able to take effective action against internal and external attacks, a detailed vulnerability assessment of all components involved in the business process is absolutely essential. Individual workstations of the staff need to be checked just like computer-controlled machines or IP cameras.

• 

secunet determines the status quo of your IT landscape and performs audits to check how your security policies are enforced. Penetration tests are used to locate potential vulnerabilities and take effective protection measures.

While the IT system may not be homogeneous at all, all companies ultimately pursue the same goals when they commission a security analysis:

• Identification of the main weaknesses of an IT system
• Assessment of the risk potential
• Recommendation of measures to fix the identified weaknesses and lower risk potential

secunet’s process model takes into account the complexity of customer requirements and provides an opportunity to handle the issues in a focussed manner. This makes it possible to make a few important decisions right from the outset:

• Is the analysis to be carried out without knowledge of the target (blackbox), with knowledge of the internal structures of the target (whitebox) or even with administrative rights (configuration analysis)?
• Are exploits allowed to be used?
• May identified passwords be used for further action?
• Are so-called denial of service attacks to be made?
• Do specific systems / networks have to be exempted from the analysis?

Especially in the case of open analyses, for which there are no set target specifications and no information provided for the penetration test, the customer can define the complexity.