Skip to content
Security audit

Configuration Review

Security check of the active configuration of an IT component or larger IT environment according to manufacturer specifications and CIS benchmarks with proven hardening recommendations.

Scope of the pentest

In this penetration test, we examine the active configuration of one of your IT components. These include, for example:

Operating systems

Windows 10/11, Windows Server, Ubuntu Linux, Fedora Linux, Redhat Enterprise Linux, and many more.

Web server, reverse proxy or load balancer

Nginx, Apache, Traefik, Caddy, HAProxy, F5 Big IP and many more


MSSQL, MySQL, Mariadb, Postgresql, Oracle, Redis and many more

Cloud environments

MS O365, MS SharePoint, MS Azure, Amazon AWS, Google GCP, Docker, Kubernetes, and much more.

Firewalls, routers, switches

Cisco, Fortinet, Palo Alto Networks, Check Point, Sophos, WatchGuard, Jupiter and many more

Identity Providers (IdP)

Keycloak, Authentik, Okta, Auth0, Azure AD, Shibboleth and many more

In most configuration reviews, we find that test objects are insufficiently hardened.
Many test objects are not configured for safety in their standard configuration. ¹

Configuration Review

Our approach

The secure configuration and hardening of operating systems, application servers and databases is an important basis for protection against attacks. 

In this security analysis, we examine one of your IT infrastructure components for proven hardening measures. We generally use recommendations from manufacturers and benchmarks from the Center for Internet Security (CIS).

In the first step, we work with you to extract the relevant configurations of the test object. We then carry out an analysis of the active configuration and compare it with recognized recommendations. As a result of the analysis, you will receive a final report with detailed hardening measures for all findings identified by us. 

The aim of the configuration review is to optimize and harden your IT system or environment in order to minimize the risk of successful attacks.

level of quality service satisfaction customer l 2021 08 26 16 56 59 utc

A configuration review is considered an extended hardening measure and provides detailed information on the current configuration of an IT component.


1 - Own statistics from our client assessments