Penetration test

We assess the IT security level in your company from two different perpectives: SySS security tests comprise the connection of the internal network with the internet as well as the specific internal infrastructure, thereby covering the most possible range of attack scenarios. 

SySS and penetration testing are inseparably linked. In 1998, the penetration test was the reason for the foundation of SySS. Today, we are market leader in Germany as well as in Europe in this field. This is why we focus on high-quality penetration testing with highest quality since we started.

Which outcomes will be achieved by a penetration test? 

• Prevent hacker attacks and system intrusions.
• Protect valuable company data and knowledge.
• Save time and reduce costs in tracing and tracking potential hacker attacks.
• Remain in control over your IT system.

The following diagram illustrates the modular structure according to which we conduct a penetration test. The approach is documented in detail in our White Paper.

Together with you, we discuss and plan the execution of the test in detail.

Analysis of the selected test objects/modules.

For each project carried out, you will receive a detailed written documentation. In this test report, we present the test results as well as a description of the test procedure and the tested objects. Therefore, the documentation serves as a comprehensive basis for the elimination of vulnerabilities. In a two-step quality assurance process, the report is reviewed for technical and linguistic accuracy.

If required, we will present our results to you and your colleagues or superiors.

Given the dynamic nature of IT systems and networks, security risks and gateways change over time. Hence, a penetration test is only a snapshot of the current security standard. If required changes are implemented in response to a penetration test, we strongly recommend an follow-up examination. We thereby determine the security impact of implemented changes on your system and check whether there are any remaining or potential new issues.

Analysis of, e.g., your IP address ranges that are accessible via the internet or selected internal systems 

Testing of your web application from various attacker perspectives

Detailed analysis of your offered web services (e.g., SOAP, REST)

Analysis of your systems from the local network, e.g., "the cleaning staff/intern scenario", client, VoIP, VLAN, Active Directory, SAP analysis, testing of production systems and critical infrastructure

Assessment of client-side vulnerabilities to targeted attacks from the internet

Test of your WLAN infrastructure

In-depth security test of mobile apps and devices (e.g., iOS, Android) as well as mobile device management solutions

Individual laboratory tests: Software, hardware and device testing, internet-of-things product testing

Analysis of your AWS or Azure environment incl. audit of configuration and penetration test