“Thank you for performing an excellent audit. The proposed patches and improvements made our application secure and we feel much more comfortable deploying our code to serve our customers.”
Joost van Dijk | SURFnet
Why do you need a penetration test?
The number of hacker attacks on companies has increased steadily. Today the criminals use a wide range of attack techniques intending to steal your valuable company and customer data, as well as gaining control of your web application or the systems below. With the help of a penetration test, vulnerabilities in your systems can be detected and eliminated in advance. This penetration test allows you to protect your data and systems effectively against attacks.
To effectively protect your company and customer data and prevent the expense of valuable time and costs in successful hacker attacks, we recommend you to verify the security of your application in a penetration test. A penetration test identifies possible weak points before an attacker discovers them. It enables you to apply appropriate countermeasures to eliminate the detected vulnerabilities and prevent attacks from the beginning.
Which phases does a penetration test consist of?
At the beginning of a penetration test, a kick-off meeting is held. In this meeting, the penetration test's scope is defined so that open questions can be addressed precisely. These include the following questions:
- Against which attackers should the systems be protected?
- Which security goals should be achieved?
- Which systems should be analyzed and therefore be protected?
- Should the systems be analyzed in a black box, grey box, or white box test (source code audit)?
- Should the penetration test be performed at your office or remotely?
The duration of a penetration test depends on the aspects mentioned above. We will discuss the duration and timeframe of the penetration test with you in the kick-off meeting.
In phase 2, Hackmanit will conduct an in-depth security analysis based on the points specified in phase 1. During the analysis of the relevant systems, vulnerabilities are identified and, if necessary, you will be informed immediately with suggestions for effective countermeasures; this approach is particularly useful for critical security weaknesses or live systems. Hackmanit gives you regular status updates and informs you about the progress of the penetration test.
To support the manual analysis, Hackmanit uses several professional self-developed tools. Some of these tools are available for free download as open-source versions and can be used by you for first superficial checks: To the overview of the open-source tools.
In the 3rd phase, you will receive a penetration test report that explains all identified vulnerabilities and possible countermeasures. Besides, the report contains a documentation of the tools and methodology used, a list of all tests performed, and further recommendations to strengthen the security of your systems. Additionally, a presentation of the results of the penetration test can be held at your office.
In the 4th phase, the identified weaknesses are fixed. We are always available and ready to support you in this phase, of course. We will be happy to provide you with details, advice, explanations, and countermeasures included in the report if you wish.
In phase 5 a retest is performed. In the first step, we check whether the vulnerabilities detected in phase 2 have been successfully fixed. In the second step, the parts of the application modified after the penetration test are audited again, as the changes may introduce new vulnerabilities. This phase is concluded with an updated report from phase 3.
In this phase, we discuss which additional measures can be taken to prevent future flaws. This includes aspects such as the introduction of automated measures to harden the security of your systems and the implementation of targeted training for your employees.
The measures defined in phase 6 are applied. For example, your employees attend one of our security training courses. This helps to understand the details of the identified weaknesses and enables you to avoid implementation flaws in future development.
Why is Hackmanit the right choice for you?
In 2014 Hackmanit was founded by IT security experts from the Ruhr University Bochum. Thanks to the profound knowledge, which is continuously updated with current research results, Hackmanit offers you a comprehensive and professional analysis of your application. A verifiable expert knowledge is available, especially in front-end security (e.g., XSS, clickjacking) and back-end security (e.g., TLS, web services, SSO) of web applications.
Numerous customers, both SMEs and DAX companies, trust Hackmanit's high-quality penetration tests to strengthen the security of their applications and reduce the impact of hacker attacks in the long term.
See for yourself:
Penetration test of the DNS-based
single sign-on solution DENIC ID
password manager KeeWeb
Are you unsure whether a penetration test is the right procedure for you? We would be pleased to discuss individual options for increasing the security of your application in a non-binding meeting.
Your Contact for Penetration Tests
Prof. Dr. Marcus Niemietz