Test the Security of Your Enterprise or Embedded & IoT Devices with Penetration Testing
What is a Penetration Test?
Cyber attacks can not only disrupt or destroy your IT systems and IT infrastructure, but also result in financial or reputational damage.
During a penetration test, your IT systems are checked for security holes and vulnerabilities. Known security gaps have already been exploited to the greatest possible extent, so that a realistic picture of IT security emerges from the frequency of these. If a vulnerability analysis has already been carried out by an ISMS, the penetration tests are based on these results. If this is not the case, we determine the depth of testing for a penetration test in a specially tailored question catalog.
The situation is similar with embedded devices that are located in an IoT network, e.g. a vehicle, an aircraft or a production line. In this case, the penetration test is performed specifically to the OEM’s requirements or after analysis of the system.
The execution of a penetration test is basically done according to the procedure model of the “Penetration Testing Execution Standard (PTES)”:
- Information Gathering
- Threat Modeling
- Vulnerability Analysis
Especially the reporting at the end is an important step that concludes a penetration test.
The customer receives the results of the tests and the corresponding solution options presented in a comprehensible way and can react accordingly.
Checking the security levelYou have already defined safety levels in your development or production?
We check their compliance and can support you with suggestions for improvement if required.
Technical AuditYou need an overview of your IT security through an independent external audit.
We detect potential system vulnerabilities.
Determination of Security MeasuresAfter a review of your systems, we provide recommendations for security measures.
These lead to a long-term increase of the security level of your organization or your products.
Frequently Asked Questions
- Penetration testers examine the IT or IoT and embedded devices of the commissioning companies for security gaps and/or security weaknesses. This is done according to a predefined set of rules.
- You can opt for a classic penetration testing approach, where a project is initiated with preparation time and corresponding final documentation. Alternatively, you can choose a contract model in which penetration tests are performed repeatedly within an agreed period of time.
- Embedded devices also have potential vulnerabilities and interfaces to the real world. These are checked and documented during penetration tests. Finally, potential solutions are also identified here.