CONSULTING | ASSESSMENTS
Penetration Test | Pentest
The ultimate test for your IT security landscape.
Proactive vulnerability analysis through realistic attack simulations
Individual reports with clear recommendations for action
Sustainable optimization towards DORA and NIS2 compliance
Would you like to learn more about our pentesting services and prices?
One of the most effective methods of assessing an organization's security status is penetration testing – a targeted IT security audit to uncover potential gaps in IT infrastructures. An important step towards DORA and NIS2 compliance.
Our experts conduct penetration tests to check your company for vulnerabilities – using the same tools, tactics, and procedures as real attackers, as well as strategic testing and consulting.
Based on our many years of experience and expertise in the areas of offensive and defensive security, we offer you customized recommendations and solutions to minimize your attack surface – pragmatic, structured, and optimized for medium-sized businesses.
What gaps does your IT infrastructure have?
Pentesting Services
Depending on the specific threat situation, insurer requirements, or regulatory requirements, we offer various penetration tests and assessments.
External Pentest
Testing of the network perimeter, i.e. IT services accessible via the public Internet
Web Application Pentest
Specific analysis of the security of a web-based application
USB Drop Assessment
Simulation of a realistic attack using specially prepared USB sticks
Cloud Assessment
Checking the cloud infrastructure for security vulnerabilities and misconfigurations
Internal Pentest
Testing of the internal network using an “assume breach” approach
White-Box Web Application Pentest
Additional examination of the source code of the application for security gaps and vulnerabilities
Stolen Asset Assessment
Checking the security of a stolen device, such as a company laptop
Microsoft 365 Audit
Checking the Microsoft 365 and Entra ID configuration for security vulnerabilities and misconfigurations
Spear Phishing
Targeted attacks on users via email
Mobile App Assessment
Uncovering potential vulnerabilities in Android applications
WiFi Assessment
Uncovering vulnerabilities in a WiFi infrastructure
Red Team Assessment
Simulation of a realistic attack to test the organization's overall security situation
More information about our pentesting services can be found in our comprehensive service catalog.
Would you like to know more about the individual assessments?
Contact us for a non-binding consultation!
Pentesting procedure
Pentesting usually follows a standardized procedure. The following steps form a blueprint and vary in detail depending on the type of penetration test and the individual starting situation.
Kick-off meeting
Analysis of the status quo; our team agrees on the aim and scope of the pentest with you.
Reconnaissance / Intelligence Gathering
Information gathering; the aim is to obtain a complete overview of the digital attack surface.
Vulnerability Assessment
We carry out scans and check the identified vulnerabilities.
Exploitation
The actual attack on your IT system begins. The previously identified vulnerabilities are actively exploited to penetrate the system broadly and gain extended privileges.
Report & Documentation
The vulnerabilities found are classified according to their risk and a catalog of measures is drawn up to eliminate the security issues.
What makes a good pentesting report?
Clearly structured and concise scope
Intuitive structure for quick orientation
Concise management summary for decision-makers
No standard reports – created individually and manually
Available in German or English – depending on individual requirements
Segmentation, e.g. by location or business unit
Specific, actionable recommendations for each weak point
Flexibly expandable according to individual requirements
Autonomous pentesting enables your company to carry out a penetration test quickly and efficiently. The attackers' actions can be simulated in your environment in a targeted and continuous manner using autonomous software.
Possehl Secure supports you in assessing your existing environment and the associated requirements for autonomous pentesting. This enables a targeted implementation of software for automated pentesting. After configuration, the test runs fully automatically.
The results of an autonomous pentest are presented in a clear and comprehensible manner, allowing the security gaps found to be closed. After closing the security gaps, autonomous pentesting also enables uncomplicated retesting at short notice.
Autonomous Pentesting – automatically detect gaps
Our services in Managed Automated Pentesting
In Managed Autonomous Pentesting, we continuously monitor automatic vulnerability checks for you as a service provider and recommend specific actions.
Continuous testing of the most critical assets
Assessment of vulnerabilities & recommendations for correction
Release Management of the Automated Penetration Testing Software
Application Management of the Automated Penetration Testing Software
The most frequently asked questions and answers about pentesting
The pentest provides a detailed picture of the digital attack surface. The results can serve as a basis for investment decisions, enabling targeted improvements to IT security. You will also gain greater clarity about your company's security in the event of an attack. In addition, important requirements from frameworks (e.g., CIS Control 18) and regulations (e.g., NIS2 and DORA) are addressed.
At the end of a pentest, you will receive a detailed overview of your vulnerabilities (including software, configuration, and design) as well as tried-and-tested recommendations for appropriate countermeasures.
Pentesting is a continuous cycle that accompanies a company. New vulnerabilities can appear anywhere and at any time. The constant development in the security sector requires a recurring review of the IT system landscape.
The human factor remains a key component of many security vulnerabilities. During pentests, we not only check for technical vulnerabilities, but also assess your employees' security awareness when dealing with digital threats. Controlled phishing and spear phishing campaigns can be used to simulate real attack scenarios in order to measure security awareness and strengthen it in a targeted manner. This allows us to identify weaknesses in processes and communication channels – before a real attacker does.
In contrast to manual tests, autonomous pentesting runs continuously, automatically and without external pentesters. Security gaps are quickly identified, prioritized and rectified – ideal for bridging the gap between classic pentests. In this way, you constantly minimize your attack surface and stay ahead of the attacker.
Individual steps can be carried out much faster than in a conventional pentest. In addition, autonomous tests can be carried out more quickly and more frequently because trained personnel are not required. The time until the next manual pentest by pentesters can therefore be used wisely. This significantly reduces the time needed to close potential vulnerabilities and increases your security.