Overview

When was the last time you did a complete health check? We maintain almost everything in our lives or at least we should, especially ourselves. But what about your workplace, beyond a “clean desk policy”? Many companies provide fire safety exercises, first aid courses or even wellness treatments for their staff but forget to test and debug the systems that protect their most valuable resources – their data & users, which is the backbone of every business.

The Ethical Hacking provided by Selution does not only run a scan through your network but involves hackers that will find, use and categorize weaknesses in your IT infrastructure. Get a complete overview on potential vulnerabilities, their severity and how to categorize and address them.

The question is not if you get hacked, but how well you are prepared in case of an attack – schedule it yourself with predictable costs, before the bad guys take over your agenda and charge you in bitcoins.







Features

Ethical Hacking or Penetration Testing is basically a combination of targeted attacks on the IT infrastructure approved by the costumer. The goal behind those attacks performed by a Selution-Hacker is to uncover weaknesses which are not immediately apparent, while aiming at the so called “low hanging fruits”. This helps identifying individual vulnerabilities, that are not commonly known already.

A costumer is ready for a penetration test as soon as he has taken actions to secure his IT infrastructure and then wants to verify if his efforts are sufficient to provide protection beyond ordinary threats.

We use the same approach and methods like hackers do but our intensions are quite different!

Through continuous penetration tests the security level can be increased dramatically. In contrast to a vulnerability scan, it allows a clear prioritisation to close individual security gaps.

Selution AG will act as an independent and neutral partner with focus on your and your costumer’s interests in terms of the existing components, resources, partnerships and philosophy. Therefore, the findings obtained during a test and the necessary steps resulting out of them, will be based on those indicators. The integrity of our partners is our highest asset.

During a Penetration Test, systems may react not as predicted and crashes, hard- or software-defects or data loss may occur. An escalation protocol from both sides is indispensable.

It is possible to execute a vulnerability-audit on the integration- / reference environment, given that it is identical to the productive environment and no changes will me made during the audit.


Following components will be examined:

  • Internal Network
    • Internal Infrastrucure (Firewalls, Routers, Switches)
    • Internal Servers (AD-, File-, DB-, SQL-, Web-, Applicationservers)
    • Various Zones (DMZ, Server, Management, Logging, Backup, etc.)
  • External Network (Internet)
    • External Services (Web-, Mail-, DNS-Server, VPN, Router, Firewalls)
  • Web-Applications

Check of specific Web-Applications.

After the test is completed, a detailed report in German or English will be provided, containing all the findings categorised by their severity in a security context and how to address them.

The time required for the whole procedure is between 1 to 8 weeks, depending on the complexity and the dimension of the infrastructure to be tested.

The regular IT user relies blindly on the IT landscape and takes it for granted that everything runs smoothly. Unfortunately, this especially applies for the management, where topics like cyber security are rarely ever brought into question.

When it comes to cyber security, we trust in technologies like spam filters, firewalls and endpoint protection or even do user awareness trainings. 3 out of 4 organizations that experience a security breach, have a state-of-the-art security stack. So, what else can we do? First and foremost, we need to review the security measures that we implement. It is one thing to have a great security concept but even the best design is worthless without a qualified validation.