Testing IT security is one of the core competences of ERNW. Many of our customers have their IT infrastructure and (web) applications checked on a regular basis. This may be done either on a very technical level in the form of penetration testing or in a more formal way in the form of general security audits, during which we verify the IT security compliance of your company against best practices according to ISO17799/ISO27001 and/or your enterprise security policies. Our reports enable you to realistically assess the risks related to the detected security flaws and vulnerabilities. Furthermore, our recommendations concerning countermeasures assist you both in the prioritized remediation of the addressed vulnerabilities and in securing your assets.
"A penetration test is a security practice during which some trusted party attempts to detect and exploit vulnerabilities in a system's security with the means of a hacker within a given time frame."
This is our own definition of a penetration test. Professional IT security work includes not only the determination of security targets and the implementation of measures, but also the regular checking of these measures. A penetration test is the most important mitigating control to achieve this goal.
Regular penetration testing gives you a hacker's view of your systems, so you can quickly discover unsecured new systems. ERNW commits itself to absolute secrecy regarding the test results and the information gathered during the test. After testing, we remove every tool, log file and piece of sniffed data from the targeted systems.
The systems are typically audited read-only (without configuration changes) and targeted by different kinds of scans and dedicated attacks (originating from the Internet during an external penetration test, or from the LAN during an internal penetration test). These attacks use the newest technology and exploits, some of which we develop ourselves. Audits can be done by the customer or by our team. This is done primarily to detect configuration or organisational vulnerabilities. During the tests we strive not to impact the availability of the targeted networks or systems. However, ERNW cannot be held liable for downtimes or any resulting consequences. The project managers of the ERNW Audit-Team are CISSP and/or BS 7799 lead auditors with a distinctive Code of Ethics.