What you get

A Pen-Test typically consists of the following modules:

  • Initial workshop
  • Information gathering/fingerprinting
  • Vulnerability assessment (hacking) on system level
  • Vulnerability assessment (hacking) on application level
  • Presentation of the results
  • Detailed documentation

Initial workshop

First of all, we sign a confidentiality agreement by which we commit ourselves to observe the applicable data protection laws. We take inventory of all the modules that will be analysed, and we determine the exact procedure of the tests and their goals. The test methodology and the tools used are then introduced and described. The data protection officer should be present for about one hour in order to determine how personal data will be handled. A contact person and procedures are defined for the case of problems or of disclosed vulnerabilities that have to be removed immediately. Finally, emergency call numbers are exchanged and the form of data exchange is defined.

Information gathering / fingerprinting

The next step is to gather information about the target systems using the following steps:

  • Identification of active systems
  • System identification (evaluation of fingerprints, system-specific services, etc.)
  • Determination of the active services, including version information
  • Download of accessible web pages for further analysis
  • Determination of the session handling, data transfer, etc.
  • Identification of the authentication procedures and encryption mechanisms

Hacking the machines

  • User authentication and access control mechanisms
      • Authentication mechanism (predictability, strength of the mechanism, etc.)
      • Timeout mechanisms
      • Dictionary or brute-force attacks on password-based authentication mechanisms
      • Examination of susceptibility to man-in-the-middle attacks
  • Encryption mechanisms
      • Encryption procedure
      • Key strength
  • Active services
      • Examination for well-known backdoors
      • Exploitation of vulnerabilities where exploits are available (only after explicit release by the customer)
  • Configuration errors
      • Access to browsable directory indexes
      • Access to example scripts
      • Use of well-known vulnerabilities of the application or the service

Hacking the (Web-) Applications

  • Input validation
      • SQL injection, stored procedures, etc.
  • Code analysis (information disclosure in comments, hidden elements, etc.)
  • Session management (cookies, URL rewriting, etc.)

The Report

  • A detailed description of the analysis goals and the applied procedures
  • The concrete procedure, in a comprehensible and reproducible form
  • A concrete evaluation of the results (management summary), easy to read even for non-technicians
  • Guidelines and recommendations, including prioritization based on best practices (ISO 27001)
  • The detailed presentation of the results
