What do we mean by a penetration test, or pentest for short?
Penetration testing involves manually checking IT systems for security gaps. In contrast to the IT security audit, security gaps (e.g. buffer overflows, format string vulnerabilities or simple rainbow table attacks on NTLMv2 authentications, which unfortunately are still often used) are exploited as far as possible, so that a realistic picture of corporate security emerges.
In addition to purely technical IT security, we test other areas such as physical IT security, for example using RFID or Mifare access card tests for doors or security gates. At the end of the day, there is still the residual risk – the human being. We therefore test this risk using social engineering in most penetration tests - this is the only way to create real user awareness.
The only important thing to know is that we don't sell a Nessus or OpenVAS scan report as a penetration test, which is unfortunately becoming increasingly the case. Scans specially adapted to the needs of the different sectors of the food industry are required.
It's about protecting the food industry
Every company must be viewed differently and depends on individual protection. If you have already determined your protection needs using an Information Security Management System (“ISMS”), the depth of the check is based on this procedure. Production, processing and the food trade are just a few areas of the food industry - it's hard to imagine if even just one of these processes would be affected.
If no ISMS or no complete ISMS has been set up, we determine the depth of the test in a joint (free) appointment and a specially tailored questionnaire in order to be able to submit an offer based on this.
The testing depths vary from simple script kiddie testing to the governmental level. Thus, a penetration test can last between 4 days and several months. The highest priority here is that none of the tested systems are impaired or even fail.
