Small and medium-sized businesses

SME Pentest

A special pentest for small and medium-sized companies (KMU), to assess core risks in your organisation.

Cyber Security Check

The first step of a hacker is an information gathering phase. We evaluate, which information about your comapny can be obtain from public sources.

Leaked Information

We check, whether data of your employees has been affected by data leaks and whether this data is publicly accessible.

Public Infrastructure

We evaluate public infrastructure (e.g., VPN servers, applications, e-mail servers) regarding known vulnerabilities.

Internal infrastructure

We conduct a full vulnerability scan of your infrastructure. You receive an overview of identified vulnerabilities and attack vectors.

Active Directory

We assess your Active Directory (AD) towards misconfigurations and vulnerabilities. This includes analysing, whether attackers can obtain administrative rights.

Leaked Information

A phishing campaign is often the initial attack vector. With a phishing campaign we check the awareness of the users and

from 6.900 € plus VAT at fixed price

360° Analysis

Our package offer for you:

We analyse your infrastructure from different viewpoints in a risk based assessment. Your get a detailled overview of possible vulnerabilities from the perspective of a hacker. We analyse internal, as well as external attack vectors.

We incorporate current attack methods and common vulnerabilities. The penetration test is a combination of automated and manual testing.

You receive a detailled report of all our findings including remediation recommendations for all identified vulnerabilities.

IT-Security in KMU

Data & facts

Average damage caused by manual hacking
0 %
all companies in Germany have been victims of cyber attacks
0 %
the affected companies had direct costs caused by the attacks

KMU Pentest

Specification of our services

An in-depth analysis of individual IT components, such as the Active Directory or a single application is oftentimes not viable for small and medium-sized companies. The test effort is comparably high and the results are limited to particular systems. Oftentimes, an overview of general vulnerabilities and so called “quick wins” of the infrastructure makes more sense.

Therefore we have developed a pentest package that serves the needs of KMU companies. We thus favor a broad assessment of your infrastructure over in-depth testing of single components. You receive a broad overview of possible attack vectors. Based on the KMU pentest you can task us to conduct more specific tests of single components.

The KMU pentest includes manual, as well as automated testing methods. Of course you will receive a full reportdetailing the conducted testing methodology, results and recommendations.

kmu pentest

With our KMU pentest you receive a full-featured assessment following our general quality standards. The KMU pentest is conducted in adherence to our processes and consists of the following phases:

Service components

Cyber Security Check

We check public resources for sensitive data about your company. This is generally the first step of an attacker.

Leaked Information

We run a phishing campaign for you and check user awareness. You can choose from our campaigns.

Public infrastructure

We evaluate public endpoints regarding vulnerabilities and attack vectors, e.g., open ports or outdated software.

Internal infrastructure

In your internal infrastructure we conduct a full scan and evaluate identified vulnerabilities.

Active Directory

The AD is usually a critical infrastructure component. We assess for example whether an attacker can gain administrative privileges.

Password Audit

We examine the password strength and quality in your company. Our technical analysis is performed without user context and is privacy compliant.

Comparison with individual pentests

  • KMU Extern
  • Popular
    KMU Intern
  • KMU Complete
KMU Extern
KMU Intern
KMU Complete
zzgl. MwSt.
zzgl. MwSt.
zzgl. MwSt.
Cyber Security Check
- Password Leaks
- Public vulnerabilities
- View of an external attacker
- Excel final report
Public infrastructure
max. 40 publicly accessible hosts
- Selection from our standard campaigns
Internal infrastructure
max. 40 internally accessible hosts
Active Directory
Full AD audit of a domain
Password Audit
We analyze the password quality of your user accounts.
KMU Pentest anfragenZum KonfiguratorBuy Now

Frequent questions regarding KMU pentests

Per definition of the EU commission, KMU companies have less than 250 employees and an annual turnover up to 50 million € or a balance sheet total not exceeding 43 million €. More information on the KMU definition can be found under:KMU-Definition der Europäischen Kommission – Förderberatung.

The KMU pentest is a fixed price offer, which we only offer in this package. If you have additional requirements, we can extend the KMU pentest or create an individual pentest offer for you.

No, the KMU pentest can also be conducted remotely. In this case we provide you with an access box that you set up in your network. Using the access box our testers can conduct all necessary tests. Simply return the box to us after the pentest is completed. In this case no additional travel fees arise.

In some federate states grants will be given for IT security services, such as penetration tests. We gladly advise when applying for grants. Please talk to one of our consultants.

You receive a detailed report with all findings and detailed remediation recommendations. Of course we support you after the test is finished (e.g., with the remediation of vulnerabilites or a retest for the verification of implemented measures). Our affiliate, the tacticx Consulting GmbH, can also provide you with extensive assistance in the field of IT security or data protection.