We identify gateways into systems and applications and reduce your risk

Protect your systems proactively

If vulnerabilities in your systems and applications are not detected and closed in time, attackers can compromise your systems. This can lead to a loss of confidentiality, integrity and availability of your data. Are your systems properly protected?


A penetration test, or pentest for short, is an effective IT security measure to analyze the security level of your systems and applications and is often required to comply with compliance requirements. In usd pentests, our security analysts assume the role of a hacker and attempt to penetrate your company’s IT systems in a targeted, customized and creative manner using the same methods and means that attackers would use. This way we identify potential vulnerabilities and points of attack at an early stage so that you can correct them before they can be exploited by an attacker.

What are your drivers?

Conducting a penetration test allows you to identify possible risks and ensures that your partners and service providers comply with a wide range of regulations.

You are required by regulatory, contractual or internal requirements to perform printer tests.
You need a successfully conducted penetration test to conclude a cyber insurance policy
Your employees work on a mobile basis and you do not want to offer attackers any gateways
As a hardware or software manufacturer, you are serious about protecting your customers’ data.
You place the highest demands on the security of your own IT infrastructure, as well as on those of your partners and service providers.
You do not want to lose your customers’ trust and protect your company from financial and reputational losses

How do we get started?

Some preparatory steps are necessary before the actual pentest can be conducted in order to guarantee that the analysis is optimally tailored to your company. Important criteria for defining your scope are the need for protection, possible risks of compromise and the time allocated for the pentest. Based on these preliminary considerations, we define the scope and possible attack scenarios.



Guaranteed quality and transparency

Our tool-based reproducible approach will be used in the analysis process tailored to your needs. Thanks to our usd HeroLab Toolchain, we have more time for extensive, manual analyses. We ensure transparency for all analyses we perform, so you know exactly what was tested.

Our pentest portfolio


Servers, work stations and network components
IT system security is one of the most important aspects of corporate security. After a successful attack, attackers exploit vulnerabilities on network and system levels to spread in the corporate network.

Web applications

Web applications and services
Web applications are an essenital part of our daily work. However, their wide-spread use holds certain risks, as web applications often process and exchange sensitive data. This turns web applications into popular targets for attackers.

Mobile applications

Android & iOS
Mobile applications, or apps for short, are gaining in importance and popularity. Sensitive information is transmitted and also stored directly on end devices. Vulnerabilities allow attackers to access user data or even the company’s internal network.


AWS, Azure & Google Cloud Platform
Security considerations cannot be dismissed when moving data to the cloud. As a user you must ensure the security of your data. It is therefore crucial that you evaluate the security of your cloud environment.

Fat Clients

Native applications on Windows and Unix systems
Companies icreasingly use so-called fat clients, which run natively on the operating system and are not available through the Browser. These applications are often developed in-house and can pose a high risk to corporate security.


Systems and applications
Mainframes are generally regarded as particularly robust and secure. But even here, errors in development, configuration and operation can lead to vulnerabilities with consequences that threaten the existence of companies. For this reason, security checks should be carried out regularly.


Security vulnerabilities in applications and incorrectly configured system services are ideal entry points for malware to infect individual computers or an entire network. Workstations or clients, such as Windows notebooks, are often the entry point.

SAP Pentest usd AG

SAP Infrastructure

SAP systems and FIORI web applications
The company's own SAP systems are often one of the most critical areas for the IT security organization of a company. Exploiting a vulnerability in such an environment can have serious and sometimes substantial consequences. 

Single sign-on (SSO)

Open ID Connect 1.0, OAuth 2.0, SAML

SSO holds opportunities but also many risks. Misconfigurations or weaknesses in the implemented solution can pose substantial risks, including compromising the confidentiality, integrity, and availability of application and user data.

Individual Testing Areas

Are you looking for a pentest of a component you could not find above? We can certainly analyze your environment, such as:

  • WLAN
  • VoIP telephone system
  • Mobile application management
  • Mobile device management
  • Business software, such as SAP
  • and much more

What we do

Ihr Titel

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

Preperation and kick-off

Our Pentest Service Management supports you in the acquisition of information, documents and information relevant for the kick-off. The pentest is prepared at a kick-off meeting with the responsible technical and organizational specialists of your company. In this meeting, we specify the IT systems to be tested, coordinate necessary user accounts and access channels, define contact partners and escalation channels and discuss the test procedure in detail.


We conduct our pentests primarily on the basis of a Greybox apporach. On request, we can conduct our pentests on the basis of a black- or Whitebox approach.


We will inform you in time about the start date and send you a reminder in advance. Subsequently, our security analysts will start with the pentest in consideration of the criteria specified in the kick-off. The pentest can be conducted on your site or from usd AG’s high-security network via Internet. Our usd OrangeBox can support you in establishing the VPN connection. We stay in constant dialogue with you throughout the entire analysis and keep you informed about progress and status on a daily basis.


First of all, the systems and applications to be tested are analyzed for their attack surface. Potential vulnerabilities can be identified and verified by using different techniques and applying well-established tools as well as our usd HeroLab Toolchain. Attack scenarios as well as the exploitation of identified, potential vulnerabilities, which could with a high probability affect the availability of IT systems and applications, are discussed with you on a case-by-case basis and only carried out after your explicit approval.

You will receive a comprehensive report comprising an Executive Summary and a Technical Report. This gives you a thorough overview of potential threats and vulnerabilities in your IT infrastructure. This report contains the identified risks and recommendations for corrective measures, so that you can sustainably increase your security level and minimize your risks.

The remediation phase comprises the most important steps after technical secuirity analysis have been conducted. Here, your company eliminates the identified vulnerabilities based on the recommendation of your security analysts. Optionally, we provide the best possible support for you.

Retest and report adjustment
Optionally, you can verify the correct implementation of the corrective measures with a selective re-test. Especially if the pentration test is performed for compliance reasons (e.g. due to PCI DSS requirements), the re-test is a necessary part of the penetration test. You will receive the results of the re-test in the form of an comprehensive report. If the pentest results meet the requirements of PCI DSS, we will gladly issue you with our security certificate. This enables you to demonstrate to third parties that you take security seriously.

Your advantage at a glace

Ihr Titel

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

Preparation & follow-up

Organizing pentest can be very complex if a large number of systems and applications are in use. On demand, we can provide you with comprehensive support in organizing and following up your pentests. Please feel free to contact us.

Top Expertise

Services provided by highly qualified security analysts who are certified according to the “usd HeroLab Certified Professional” (UCP) and internationally recognized standards.

Internationale Standards & Compliance

When conducting penetration tests, we take the following international standards and best practices into account:

  • Payment Card Industry Data Security Standard (PCI DSS)
  • Open Source Security Testing Methodology Manual (OSSTMM)
  • Technical Guide to Information Security Testing and Assessment (NIST SP800-115)
  • Recommendations of the German Federal Office for Information Security (BSI)
  • Open Web Application Security Project (OWASP)

We will be happy to tailor our process model to the requirements of your company and help you to meet your regulatory requirements.

Comprehensibility & transparency

Increased transparency through comprehensible documentation of the procedure, the identified vulnerabilities and all performed analyses.

Evaluation & recommendation

Comprehensive report including an overall security recommendation, risk assessment and recommended corrective measures.


Besides our own risk rating, we offer vulnerability scoring according to internationally recognized metrics (for example Common Weakness Scoring System (CWSS) or Common Vulnerability Scoring System (CVSS)).

Automation & reproducibility

Conducting a reproducible, high quality analysis for weak points in your garden gates by the efficient use of our usd HeroLab Toolchain as well as tools from internationally recognized manufacturers.



Please contact us with any questions or queries.


Phone: +49 6102 8631-190
Contact Form


Daniel Heyne
usd Team Lead Sales,
Security Consultant Pentest, OSCP, OSCE