IT penetration tests - simulate attacks, increase security
We realistically test your IT systems for vulnerabilities before attackers do. With our configurator, you can put together the right pentest transparently.
Why an IT pentest is indispensable
Today, corporate IT is exposed to a wide range of risks: from outdated or incorrectly configured systems in the internal network to externally accessible servers and services. The threat situation is constantly growing and attacks are becoming more targeted and professional. At the same time, standards and specifications such as ISO 27001 or NIS2 require proof of effective security measures. An IT pentest helps to meet these requirements and uncover specific vulnerabilities in good time.
Realistic simulation of attackers
Transparent presentation of risks
Clear recommendations for action
IT pentest at a glance
What we test for you - from networks to applications, to uncover security gaps before others do.
IT infrastructure
In an infrastructure pentest, we check your internal systems such as servers, routers, switches or access points. We simulate an attacker in the company network with little prior knowledge and identify vulnerabilities such as outdated software, misconfigurations or insecure access.
Scope:
- Checking the network level from an internal perspective
- Identification of open ports and services
- Vulnerability scans and manual checks
- Assessment of patch status, configuration and access controls
Applications & interfaces (Web App / API)
We test your applications or APIs for typical vulnerabilities in logic, authorizations and interfaces. The test is based on OWASP Top 10 and common standards.
Scope:
- Input validation, error handling, sessions
- Authentication and rights management
- Business logic tests (e.g. roles, workflows, payment flows)
- API endpoints: Input/output, interface logic, documentation
- Combination of vulnerabilities into realistic attack scenarios
Procedure & quality
This is how your pentest with ICS works.
All tests are carried out in accordance with recognized standards such as OWASP, PTES and OSSTMM. We proceed in a structured and careful manner so as not to compromise your systems and at the same time obtain a realistic picture of your security situation.
1. Scoping & Target Definition
2. Implementation & Tests
3. Evaluation & Catalog of Measures
4. Final Meeting & Follow-up
Report & conclusion
Clear results, comprehensible measures
Each pentest contains a report with all findings, risk assessment and prioritization. We offer an optional web review or on-site workshop.
Ready to test your systems?
Put together the right pentest now or talk to us directly about your project.
FAQ - Frequently asked questions
How are the systems to be tested counted?
We count unique, addressable systems such as servers, routers, switches or routers. We clarify replicated systems individually, often counting them as a single system.
How does the price scale for IT infrastructure work in the configurator?
Prices increase in stages depending on the number of systems (in increments of 10 - e.g. 1-10, 11-20 etc.) From 50 systems upwards, we will be happy to provide you with a customized quote.
What does the Active Directory Security Test involve?
The AD test analyzes your AD environment for misconfigurations and identifies attack paths through to domain admin rights - a separate, in-depth check.
Can I request the Insider Threat Test separately?
Yes, the simulation of an "insider attack" can be booked as a stand-alone test or combined with an infrastructure pentest - you receive a price advantage for the combination.
Which add-ons can be usefully combined?
Depending on your requirements, you can add workstation or IDS tests, wireless security or OSINT, for example, to match the selected areas.
Will the IT pentest affect my productive operations?
We plan our tests in a coordinated manner. Many steps can be carried out in a test environment or outside the production flow. Also possible: low-risk approaches in sensitive environments.
What happens if my infrastructure is larger than 50 systems?
For large or complex environments, we create a customized offer. Contact us directly to coordinate the scope, costs and process in the best possible way.