Penetration Test / Pentest

IT security is not only a question of protecting one's own company, but also a question of social responsibility to protect sensitive information and ensure that one's own services can be offered to customers in a sustainable manner.

How does a Penetration Test work?

An IT security penetration test is used to assess the potential for attacks on IT networks and systems. Both the installed applications and the underlying systems that host them can be checked. Typical test targets include web applications, mobile applications, network components, security gateways and servers.
 
There are two main types of tests: blackbox and whitebox tests. Blackbox tests simulate attacks with limited information, while whitebox tests are based on comprehensive information. Berlin Cert focuses on whitebox tests because they are more thorough and pose fewer risks. Tests can be performed at varying depths, avoiding destructive tests.
 
We use automated vulnerability scanners that are individually adapted to customer needs and test objects. The goal of our services is to uncover vulnerabilities without taking unnecessary risks.
 
A pentest is also an optimal complement to an information security management system (ISMS). It is therefore mandatory for digital health applications (DiGA), for example.

Our Services

What value does a penetration test add?

  • Strengthening the trust of customers, partners, and suppliers
    Web applications are often customer-facing, which means that their security has a direct positive impact on data privacy and therefore customer trust.
    In addition, you show your partners and suppliers that you take data protection seriously and take measures to secure your business activities.
  • Comply with regulatory requirements
    Many industries and privacy laws require regular security testing of web applications. By carrying out these tests, you not only improve security, but also comply with regulations such as the European Union's General Data Protection Regulation.
  • Enhance security
    The results summarized in our test report are usually easy to interpret and implement. You receive a list of vulnerabilities ranked by severity, often with recommendations for remediation. This makes it easier for your IT team to prioritize and take action.

How does a penetration test work?

First, together with the responsible tester, you define the goal and scope of the penetration test. Next, we obtain all the basic information about the system to be tested - just as potential attackers do.

In this phase, we systematically check your system for security risks and evaluate them.

Our IT security experts then review the vulnerabilities in a targeted manner to identify specific entry points.

All results are now combined into a risk profile of the tested system.

The greatest added value for our customers comes from our detailed report on the weaknesses found and the overview of possible courses of action.

FAQ Penetration Testing

We recommend that you start with our basic package. With a clearly defined scope, the price varies only according to the number and features of your software. The package includes all steps, from planning and exploration to a meaningful report - in other words, a solid result without hidden costs.
 
Only after the basic test has been completed will we decide together with you, for each of your products, whether additional tests make sense.
We will be happy to send you an offer: Request a quote.

A pentest should ideally be performed as early as possible in the development process to identify vulnerabilities and potential risks. This allows you to proactively address security issues and avoid costly fixes later on. The perfect starting time for a pentest depends, among other things, on
 
  • the type of product
  • its development cycle, and
  • any legal requirements.
 
We recommend working with our experts to determine the most appropriate schedule for your specific project.

How often a pentest should be performed depends on a number of factors, e.g.
  • the frequency of major code changes
  • the integration and nature of new functions, or
  • the deployment of new infrastructure components.
 
We recommend performing a pentest at least once a year or after major updates to ensure that your systems are up to date and resistant to current threats. Remember that the cybersecurity landscape is constantly evolving. Therefore, it is important to conduct regular assessments to maintain a strong security posture.
It may also be necessary to conduct more frequent testing, for example, if your company is subject to certain compliance requirements or operates in a high-risk industry.

Once the pentest is complete, you will receive a comprehensive, professional report detailing the results. This report includes an overview of the vulnerabilities discovered, their potential impact, and approaches for corrective action. In addition to the written report, we provide a face-to-face presentation to ensure you fully understand the findings and potential impact.
Our goal is to help you develop secure software products to protect your customers and your systems from potential threats.