Pentest

We identify gateways into systems and applications and reduce your risk

Pentest

We identify gateways into systems and applications and reduce your risk

Protect your company proactively with our Pentetration Test

A Penetration Test, or Pentest for short, is an effective IT security measure to analyze the security level of your systems, networks and applications and is often required to comply with compliance requirements. Conducting a Pentest allows you to identify possible risks at an early stage and ensures that your partners and service providers comply with a wide range of regulations.

With usd HeroLab, you have one of the leading providers of technical security analyses by your side. However, we don't operate alone. We are part of the knowledge network of usd AG as auditor and consultant and have an extensive partner network. This means you not only get technical security analyses at the highest level, but also expertise in compliance and organizational matters related to information security.

Pentest

Understanding a Hacker's Mind

In usd Pentests, our security analysts assume the role of a malicious hacker and simulate attacks on your IT system landscape. They attempt to penetrate your company's systems in a targeted, individual and creative manner using the same methods, techniques and procedures that attackers would use. The goal is to find as many vulnerabilities and attack points as possible so that you can fix them in time before they can be exploited by a real attacker.

When was the last time you checked your IT security?

New vulnerabilities are constantly being discovered, for example through hacker attacks. Changes to the IT environment, for example through software updates, can lead to new security vulnerabilities.

Therefore, Penetration Tests should be repeated regularly over a period of one year and should be firmly integrated into the security process. We will be happy to support you!

Our Portfolio

System Pentest

Servers and network components

You want to ensure that your network is protected against attackers on the infrastructure level?

Web Application Pentest

Web applications

You run an online store and would like to protect yourself preventively against cyber attacks?

    API Pentest

    Interfaces

    You provide APIs or web services and want to protect against attackers?

      Mobile App Pentest

      Android & iOS

      You provide iOS or Android apps and want to check whether they are sufficiently protected against unauthorized third-party access?

      Active Directory Pentest

      Microsoft Directory Service

      Is your company using Microsoft's Actice Directory for managing user accounts and resources and do you want to check its IT security?

      Cloud Pentest

      AWS, Azure & Google Cloud Plattform 

      You want to increase the security of your cloud infrastructure (e.g. AWS, Azure & Google Cloud Platform)?

      SAP Pentest usd AG

      SAP Pentest

      SAP systems and FIORI web applications

      You use SAP systems or FIORI web applications in your company and would like to check their security?

      Fat Client Pentest

      Native applications on Windows and Unix systems

      You use applications or programs from Windows or Unix systems and you would like to ensure that they do not pose a gateway for hackers?

      Mainframe Pentest

      Systems and applications

      Your company regularly processes enormous amounts of data and therefore uses mainframes and you would like to check whether your mainframe is protected against hacker attacks?

      Single Sign-On Pentest, usd AG

      Single Sign-On (SSO) Pentest

      Open ID Connect 1.0, OAuth 2.0, SAML

      You rely on the Single Sign-On (SSO) procedure for user authentication and would like to check the security of your SSO solution?

      Workstation Pentest

      Notebooks

      You want to check whether an attacker can compromise the company network via your employees' laptops?

      Individual Pentests

      WLAN, VoIP telephone system, Mobile application management, Mobile device management, Business software, and much more

      Possible questions about your IT security that we can answer during an individual Penetration Test:

       

      • You are a hardware or software manufacturer and take the protection of your customers' data seriously.
      • You are a SWIFT user and are required to perform a Penetration Test.
      • You need a successfully performed Penetration Test to conclude a cyber insurance policy.
      • You wonder if a hacker can successfully compromise the client IT systems through ransomware.
      • You are in the PCI DSS scope and are required to perform a Penetration Test.
      • You want to check whether employees can maliciously extend their local user privileges and thus execute a deeper attack.
      • You want to know if attackers can use phishing emails to attack your employees and gain access to your IT systems.

        More insights into Penetration Testing

        Our approach

        Our security analysts have developed a proven procedure for conducting Pentests based on recognized international standards and many years of experience. If you are subject to PCI DSS, we identify relevant vulnerabilities for your PCI DSS v4.0 compliance and provide you with details on the affected PCI DSS requirements. The use of the usd HeroLab toolchain as well as tools from internationally recognized manufacturers allows our security analysts to perform their tests even more efficiently and comprehensively and leaves time for in-depth, manual analyses.

        Your advantages of usd Pentests

        Fulfillment of your compliance requirements. Optimal support during the entire Pentest project. Comprehensive final report. Documentation of PCI DSS v4.0 relevant vulnerabilities and detailed information on the corresponding requirements during PCI DSS pentests and much more. Learn more about your advantages of usd Pentests here.

        Pentest provider: Evaluation of offer and quality

        The number of pentest providers is increasing. Thorough evaluation of pentest offerings and quality is becoming increasingly difficult. Learn more here about the performance characteristics that can help you choosing the right partner.

        More insights into Penetration Testing

        Our approach

        Our security analysts have developed a proven procedure for conducting Pentests based on recognized international standards and many years of experience. Our security analysts have developed a proven procedure for conducting Pentests based on recognized international standards and many years of experience. If you are subject to PCI DSS, we identify relevant vulnerabilities for your PCI DSS v4.0 compliance and provide you with details on the affected PCI DSS requirements. The use of the usd HeroLab toolchain as well as tools from internationally recognized manufacturers allows our security analysts to perform their tests even more efficiently and comprehensively and leaves time for in-depth, manual analyses. 

        Your advantages of usd Pentests

        Fulfillment of your compliance requirements. Optimal support during the entire Pentest project. Comprehensive final report. Documentation of PCI DSS v4.0 relevant vulnerabilities and detailed information on the corresponding requirements during PCI DSS pentests and much more. Learn more about your advantages of usd Pentests here.

        Pentest provider: Evaluation of offer and quality

        The number of pentest providers is increasing. Thorough evaluation of pentest offerings and quality is becoming increasingly difficult. Learn more here about the performance characteristics that can help you choosing the right partner.

        Do you have any questions or need support?

        "We are happy to advice you on your options for having your systems and applications checked by our experienced security analysts."

        Daniel Heyne, usd Team Lead Sales, Security Consultant Pentest, OSCP, OSCE

        Do you have any questions or need support?

        "We are happy to advice you on your options for having your systems and applications checked by our experienced security analysts."

        Daniel Heyne, usd Team Lead Sales, Security Consultant Pentest, OSCP, OSCE