Evaluation services – test your IT security

Every four seconds a new malware is created.

As digitization and networking pervade the market, new points of attack for malware are emerging every day.

Vulnerability analyses uncover dangerous points of entry into your company.

Vulnerability and penetration testing

Vulnerability management efficiently integrated into the company

Powerful vulnerability management ensures that companies are not overwhelmed with the resulting vulnerability reports, instead prioritizing them according to their relevance to security in computer systems, applications, and network infrastructures.

The effectiveness of your technical and organizational measures can best be verified by means of a penetration test. At the same time, penetration tests are an excellent tool to document compliance with statutory security requirements, in particular those of the EU General Data Protection Regulation (EU-GDPR). With our penetration tests, you can efficiently protect your company's knowledge from unauthorized access and meet statutory security requirements.

Our tests are carried out exclusively by qualified, experienced testers. All the tools we use during the tests meet the strictest possible security standards. Critical parts of the system are virtualized before the test to ensure a trouble-free test run and prevent damage to the system.

After the test, you receive both the results as well as all data and information collected during the test. We test exclusively in the context of the "permission to attack" you give us in advance. You keep full control of your data and information.

Penetration testing process

Going through the pen test provides valuable strategic information for your IT team and at the same time legal evidence for compliance with statutory requirements.

 
 
 
 
Process of penetration testing

 

To be able to carry out the pen test in a way appropriate to your system and requirements, we will work with you in advance to build the overall test from individual test scenarios. Our test modules are designed for specific topics. The test scenarios are developed using these test modules:

  • I.  Social engineering attacks
    • Phishing emails
    • Web presence with and without login
    • Phone calls to ask for passwords
    • Compromised USB sticks
    • Physical access (spy)
  •  II. Internal security
    • Internal network without user account (black box approach)
    • Wireless LAN
    • Mobile workstation
    • Client security (notebooks and desktops)
  •  III. External security
    • Information gathering
    • Port scanning

Management consulting

Our improvement recommendations are simple, comprehensible, and independent of any specific products.

During the presentation of the test results, of course, you will have the opportunity to discuss the recommendations, possible alternatives, and any questions you might have. And of course, the final report that we submit to you will also be simple and understandable enough to represent the greatest possible benefit for your management. You benefit from the IT management and communication skills of our team. That means you get an optimum, absolutely independent IT security consultation with directly implementable approaches to improvement.

Qualifications of our team

Many years of experience in technical security consulting with a practical background. Areas of special expertise:

  • Penetration testing (pen tests)
  • Vulnerability analysis
  • Network security
  • Many years of experience in IT management

Special skills

  • Social engineering (intrusion, espionage, and manipulation)
  • Top communications skills at management level
  • Certifications: OSCP, CISSP, CCIE, CCNP, CCIP, CCSA, ITIL and more

Your contact

Asmus Hammer

Asmus Hammer

Sales Manager Projects

phone: +49 431 3993-637

mobile: +49 172 6816706

e-mail: hammer@consist.de