A penetration test is a method for checking the security of a system. In this process, we specifically take a close look at a particular system to identify vulnerabilities and security gaps. This verification is carried out empirically, i.e. we simulate actual attacks on the system to test its resilience. In this attack simulation, we proceed in exactly the same way as malicious attackers would.
Our expertise in a penetration test lies in the investigation of interfaces, web or mobile applications and software systems. We focus particularly on these areas due to their importance for the functionality of a system and their potential points of attack. Through a successful penetration test, security vulnerabilities can be identified and eliminated before they can be exploited by attackers. This reduces the risk of a successful attack on your own company.
A penetration test, also known as a pentest, is a vulnerability audit. Software is specifically examined for vulnerabilities and weaknesses. We specialise in web applications, mobile applications on the iOS and Android platforms, as well as any API and software system for the exchange of data.
At the beginning of the pentest, the scope of the audit is defined, including exactly which systems are tested. Afterwards, an attempt is made to penetrate the system from the outside or to obtain protected data. After the pentest has been performed, the customer receives a detailed description of the vulnerabilities that were found as well as a protocol documenting what was tested and how.
The cost of a pentest always depends on the scope of the system to be tested. Before an implementation, the costs are estimated in a quotation.
By identifying security vulnerabilities, companies can react early and, where necessary, take the required measures to prevent potential attacks as well as reputational damage. The cost of a penetration test should therefore be regarded as an investment in the security of your own system that pays off in the long term.
A one-time penetration test is not enough to protect the system in the long run. Regular testing is required to ensure that the vulnerabilities that arise from changes to the system or even new threats are identified. This helps the company to stay on the cutting edge of security. Regular pentests are an important part of risk management in order to reduce cyber risks.
Basically, everything is allowed, except:
Our team of security experts works from Switzerland and has excellent language skills in German and English. With years of experience in the field of cybersecurity as well as in software development, we bring in-depth expertise in this area, which we successfully apply to our work.
An attack simulation is a structured procedure in which all components of a system are studied. First we look at the individual components and then at the complete processes. From this we develop various attack scenarios, which we carry out before analyzing the results.
A penetration test is an essential control in the information security management system (ISMS), with the purpose of ensuring the integrity and confidentiality of data and systems.
Generally, all systems that can be reached from the outside are included in the scope. Social engineering attacks or phishing attempts are not performed by Codepurple. If there are systems which must not be analysed, these can be excluded by the customer. In general, the less that is excluded, the more meaningful the outcome.
Both your financial risk and the risk of your IT systems becoming unavailable are small. Thanks to defined scopes, the costs are clearly defined.
Hackers act like surgeons: the aim is not to cause damage, but to find gaps without affecting the IT systems.
For whitebox tests, we know the source code; for blackbox tests, we do not. Together with our customer, we define whether a blackbox or whitebox test makes more sense for the system under investigation.
The term hacker often has a negative connotation. This is unjustified. Most hackers have no evil or criminal intentions. So the term "ethical hacker" or "white-hat hacker" has become established for the friendly hackers.
After each new release of software, you should run a pentest to check whether any gaps have been inadvertently introduced.
Source: Codepurple
nanio GmbH (Codepurple)
Moosweg 24
5606 Dintikon