
01

Definition of the Scope

We receive information from the client about the systems, email addresses and IP addresses to be checked. On this basis, we determine all systems, subdomains and email addresses that can be assigned to the area. If certain systems or addresses are not to be checked, they can be removed, and added again, at any time.

02

Conducting the Penetration Test

A complete remote check of the external infrastructure (web servers, VPN gateways, mail servers, web applications, etc.) is carried out for security gaps and possible entry points from the perspective of a potential attacker using our fully automated scan cluster. A check is then also carried out to see whether any stolen company data records are circulating on the darknet.

03

Evaluation

After the review is complete, the security vulnerabilities found are classified, summarized and rated in eleven different categories (e.g. web security, passwords) based on type (according to CVSS), criticality, urgency, properties and affected systems. The integrated AI assigns a rating from A to F, with A being the best and F being the worst, the latter indicating the existence of many critical security vulnerabilities. In addition, the most common security problems and the most vulnerable systems in the infrastructure are listed. This allows the right conclusions to be drawn, which makes prioritization easier and can significantly minimize the effort.

04

Recommendations for Improvements

We prepare the analysis for you in an understandable form and show you where specific action is required. The categorization and harmonization of the large volume of data enable a quick overview and a quick understanding of the current security situation.

We will also give you recommendations on the measures or, if you wish, support you in their implementation.

The result is impressive: a well-founded, understandable and cost-effective assessment of the client's security situation!

How does our penetration test work?

The Process at a Glance

Frequently Asked Questions About Penetration Testing

How long does the penetration test take?

We are fast and flexible in terms of time. Depending on the target, number of objects and size of the company, the turnaround time per scan is at least 3 days (for companies with up to 250 employees). For multiple targets and larger infrastructure, it can take a few days longer.

Can I use this to meet standard requirements?

Yes, the norms and standards (e.g. ISO27001, TISAX®) require systems and infrastructure to be audited on a regular basis, but do not specify exactly what needs to be done. In audit practice, however, an audit plan appropriate to the risk (which audit, when, which goal, etc.) is required and the demonstrable processing of vulnerabilities is addressed. In principle, proof of active management (reactive, preventive) of (potential) vulnerabilities is conducive to a positive audit result. But this is also important in external communication to customers or the entire market, because security is an important feature today. Your customers want to be able to rely on you!

Can Opexa guarantee a penetration test at short notice?

Yes, you will receive a test result no later than 4 working days after ordering! Only for larger infrastructures (250 employees or more) may we need a little more time.

What service models do you offer?

The service is flexible and adapts to your needs.

You can choose to scan once or three times, but we also offer a fixed subscription for 12 or 36 months WITH NO limit on the number of scans.

The latter is particularly recommended for organizations with frequent changes in infrastructure or with high security requirements. A subscription is advantageous due to the unlimited number of scans and is significantly more economical in relation to the price of the individual test! The effort, and therefore also the price, depend on the service model and the size of the company.

Due to the constantly growing attack surface of companies, the need for IT security and thus the demand for cybersecurity measures and services is increasing. The externally accessible infrastructure must be protected and further developed in the best possible way, so it is essential to know the weak points in order to make appropriate implementation and investment decisions. A quick and needs-based manual check of the externally accessible infrastructure for weak points by experts is often not possible for reasons of capacity, time and cost. This is where we come in with our penetration test and offer a high-quality, fast and economical service.

Penetration Testing on External Infrastructure Made Easy
