Pentest – What do we mean by that?
Pentests, or penetration tests, involve the manual examination of IT systems to identify security vulnerabilities or weaknesses. Unlike IT security audits, penetration tests often exploit security vulnerabilities to create a realistic assessment of an organization's security.
There is no such thing as 100% security – the question is how much damage attackers can cause if they exploit a vulnerability in your system.
Examples of security vulnerabilities (findings) discovered in our penetration tests include buffer overflows, format string vulnerabilities, and simple rainbow table attacks on NTLMv2 authentication, which is unfortunately still in use.
If previously unknown security vulnerabilities (0-day vulnerabilities) are discovered during a penetration test, we will discuss the approach in detail with you. In such cases, the affected software is usually the responsibility of a third party (the manufacturer), even though you are the one affected by it. For ethical reasons, we do not exploit these 0-day vulnerabilities, as the manufacturer must have the opportunity to address and fix them.
We discuss these and other topics and document them together during a kickoff meeting.
