Infrastructure

Public IT-Infrastructure

Exposed IT systems are publicly accessible via the Internet and thus easy targets for hackers, crawlers and bots.

Scope of the pentest

During this assessment, our ethical hackers evaluate your public IT infrastructure regarding vulnerabilities and misconfigurations. Our tests are conducted on the network layer. Partial tests are conducted on the application layer. The test is usually conducted remotely.

Exemplary test objects:

VPN Server

Providing a secure and encrypted connection to your internal network.

Web applications

Homepage, customer portal or web shops via IIS, Apache, Nginx

Mobile Device Management

Applications and network services for the administration of mobile devices.

File Server

File access using network protocols such as SFTP, FTP or WebDAV

E-Mail Server

Management of E-Mails using protocols such as SMTP, POP3 or IMAP

Cloud Services

IT systems in the cloud, e.g., Docker containers or S3 buckets

Cloud-based attacks have increased sixfold in the period from January until April 2020. ¹

68 percent of executives feel that their cybersecurity risks are increasing.²

According to the FBI, Internet crime has tripled since the beginning of the coronavirus pandemic in 2020. ³

Penetration test of public IT-Infrastructure

Our approach

A penetration test of your publicly accessible IT infrastructure focuses on the perspective of an external attacker and includes a security analysis of all your systems that can be accessed from the Internet. We simulate a real attacker who tries to compromise your externally available systems without prior knowledge (black-box).

In the first stage, we carry out a passive analysis of publicly accessible information about your infrastructure. The focus lies on identifying systems, services and vulnerabilities. We then present our analysis results to you and together define the scope of the subsequent active tests.

These active tests consist of an automated vulnerability scan and a manual analysis of the active network services of all systems defined in the project scope.

The goal is to give you a well-founded statement about the potential risk of an attack on your external IT infrastructure. Our tests are carried out without any information about the infrastructure included in the scope as well as without valid user accounts for possible authentication (black-box).

Standards and qualifications

We follow recognized international standards for our pentest procedure.

Our penetration testers are highly qualified and certified with several recognized hacking certificates.