A penetration test is a method for checking the security of a system. In this process, we specifically take a close look at a particular system to identify vulnerabilities and security gaps. This verification is carried out empirically, i.e. we simulate actual attacks on the system to test its resilience.
Our expertise in a penetration test lies in the investigation of interfaces, web or mobile applications. We focus particularly on these areas due to their importance for the functionality of a system and their potential points of attack. Through a successful penetration test, security vulnerabilities can be identified and eliminated before they can be exploited by attackers.
A penetration test, also known as a pentest, is a vulnerability audit. A piece of software is specifically examined for vulnerabilities and weaknesses. We specialise in web applications, mobile applications on the iOS and Android platforms, and any API for the exchange of data.
At the beginning of the pentest, the scope of the audit is defined, including exactly which systems are tested. Afterwards, an attempt is made to penetrate the system from the outside or to obtain protected data. After the pentest has been performed, the customer receives a detailed description of the vulnerabilities that were found as well as a test protocol showing what was tested and how.
The cost of a pentest always depends on the scope of the system to be tested. Before an implementation, the costs are estimated in a quotation.
By identifying security vulnerabilities, companies can react early and, where necessary, take the required measures to prevent potential attacks as well as reputational damage. The cost of a penetration test should therefore be regarded as an investment in the security of one's own system that pays off in the long term.
Basically, everything is allowed, except:
For whitebox tests, we know the source code; for blackbox tests, we do not. Together with our customer, we define whether a blackbox or whitebox test makes more sense for the system under investigation.
Our team of security experts works from Switzerland and has excellent language skills in German and English. With years of experience in the field of cybersecurity as well as in software development, we bring in-depth expertise in this area, which we successfully apply to our work.
A penetration test is an essential part of the security management (cybersecurity management) of a system, with the purpose of ensuring the integrity and confidentiality of data and systems.
Generally, all systems that can be reached from the outside are included in the scope. Social engineering attacks or phishing attempts are not performed by Codepurple. If there are systems which must not be analysed, these can be excluded by the customer. In general, the less that is excluded, the more meaningful the outcome.
A one-time penetration test is not enough to protect the system in the long run. Regular testing is required to ensure that the vulnerabilities that arise from changes to the system or even new threats are identified. This helps the company to stay on the cutting edge of security.
Both your financial risk and the risk of your IT systems becoming unavailable are small. Thanks to defined scopes, the costs are clearly defined.
Hackers act like surgeons: the aim is not to cause damage, but to find gaps without affecting the IT systems.
The term hacker often has a negative connotation. This is unjustified. Most hackers have no evil or criminal intentions. So the term "ethical hacker" or "white-hat hacker" has become established for the friendly hackers.
After each new release of software, you should run a pentest to check whether any gaps have been inadvertently introduced.
Source: Codepurple
Do you have any questions? Would you like to get to know us?
Contact us without obligation:
Kathrin Müller is looking forward to hearing from you and will be happy to organize a meeting according to your needs.
nanio GmbH (Codepurple)
Moosweg 24
5606 Dintikon