Exposed IT sytems are publicly accessible via the Internet and thus easy targets for hackers, crawlers and bots.
Scope of the pentest
During this assessment, our ethical hackers evaluate your public IT infrastructure regarding vulnerabilities and misconfigurations. Our tests are conducted on the network layer. Partial tests are conducted on the application layer. The test is usually conducted remotely.
Exemplary test objects:
Cloud-based attacks have increased sixfold in the period from January until April 2020. ¹
68 percent of executives notice a feeling of increased cybersecurity risks.²
According to the FBI, Internet crime has tripled since the begin of the Corona pandemic in 2020. ³
Penetration test of public IT-Infrastructure
A penetration test of your publicly accessible IT infrastructure focuses on the perspective of an external attacker and includes a security analysis of all your systems that can be accessed from the Internet. We simulate a real attacker who tries to compromise your externally available systems without prior knowledge (black-box).
In the first stage, we carry out a passive analysis of publicly accessible information about your infrastructure. The focus lies on identifying systems, services and vulnerabilities. We are then presenting our analysis results to you and define together the scope of the following active tests.
These active tests consist of an automated vulnerability scan and a manual analysis of the active network services of all systems defined in the project scope.
The goal is to give you a well-founded statement about the potential risk of an attack on your external IT infrastructure. Our tests are carried out without any information about the infrastructure included in the scope as well as without valid user accounts for possible authentication (black-box).
1 - https://www.fintechnews.org/the-2020-cybersecurity-stats-you-need-to-know/
2 - Own statistics based on customer projects
3 - https://www.imcgrupo.com/covid-19-news-fbi-reports-300-increase-in-reported-cybercrimes/