Pentest

What is pentesting?

A penetration test also known as a pentest is a vulnerability audit. A software is specifically examined for vulnerabilities and weaknesses. We are specialised in web applications, mobile applications of the iOS and Android platforms as well as any API for the exchange of data.

How does a penetration test work?

At the beginning of the pentest, the scope of the audit is defined and which systems are tested exactly. Afterwards, an attempt is made to penetrate the system from the outside or to obtain protected data. After the pentest has been performed, the customer receives a detailed description of the vulnerabilities that were found as well as a protocol showing what and how everything was tested.

What does it cost?

The cost of a pentest always depends on the scope of the system to be tested. Before an implementation, the costs are estimated in a quotation.

Durch die Identifikation von Sicherheitslücken können Unternehmen frühzeitig reagieren und gegebenenfalls erforderliche Massnahmen ergreifen, um potenzielle Angriffe sowie ein Reputationsverlust zu verhindern. Die Kosten für einen Penetrationstest sollten daher als Investition in die Sicherheit des eigenen Systems betrachtet werden, die sich langfristig auszahlt.

Our rules

Basically, everything is allowed, except:

• No social engineering attacks
• No phishing attempts
• No DDoS attacks
• No destruction of data / systems

White box or black box testing

For whitebox tests, we know the source code, for blackbox testing we do not. Together with our customer, we define whether a blackbox or whitebox test makes more sense for the system under investigation.

White box or black box testing

For whitebox tests, we know the source code, for blackbox testing we do not. Together with our customer, we define whether a blackbox or whitebox test makes more sense for the system under investigation.

Pentesting from Switzerland

Our team of security experts works from Switzerland and has excellent language skills in German and English. With years of experience in the field of cybersecurity as well as in software development, we bring in-depth expertise in this area, which we successfully apply to our work.

Advantages

• Cost structure
• Out of the Box thinking
• Detailed step-by-step documentation
• More time on an interesting attack vector
• Increase security of own product/service
• Increase confidence in own product/service

Pentest as a standard element in safety management

A penetration test is an essential part of the security management (cybersecurity management) of a system, with the purpose of ensuring the integrity and confidentiality of data and systems.

What is the scope?

Generally, all systems that can be reached from the outside are included in the scope. Social engineering attack or phishing attempts are not performed by Codepurple. If there are systems which must not be analysed, these can be excluded by the customer. In general, the less excluded, the more meaningful the outcome.

Recurring or one-time?

A one-time penetration test is not enough to protect the system in the long run. Regular testing is required to ensure that the vulnerabilities that arise from changes to the system or even new threats are identified. This helps the company to stay on the cutting edge of security.

How big is the risk?

Both your financial risk and the risk of your IT systems becoming unavailable is small. Thanks to defined scopes, the costs are clearly defined.
Hackers act like surgeons, the aim is not to cause damage, but to find gaps and not to affect the IT systems.

Are hackers evil?

The term hacker often has a negative connotation. This is unjustified. Most hackers have no evil or criminal intentions. So the term "ethical hacker" or "white-hat hacker" has become established for the friendly hackers.