
What you think is safe, we test for reality.


How does a hacker get into the system?

A penetration test shows exactly that – before real attackers do. We rely on a consistently manual approach by experienced pentesters. This makes real vulnerabilities visible, increases the transparency of your IT security posture and allows targeted measures to be derived. The result is a clear basis for decision-making for management and concrete, actionable instructions for IT. AI and vulnerability scanners recognize known patterns, but often reach their limits when it comes to the human component, context, business logic and the evaluation of real attack paths. Penetration testing is the most effective way to make your IT truly secure and to understand how an attacker would actually proceed.

More overview. More control. More security.

Recognize weak points at an early stage

A pentest uncovers security gaps before they are exploited by attackers – reliable, well-founded and with clear recommendations on how to close the vulnerabilities.

Assess risks correctly

All findings are classified according to criticality – with CVSS score, impact assessment and specific reference to your infrastructure.

Clearly define measures

You receive concrete recommendations for action that can be directly implemented in your processes – comprehensible for IT, management and external partners.

Making security verifiable

Our tests are carried out by certified, exclusively permanently employed penetration testers and in accordance with recognized standards such as the OWASP Testing Guide, Pentest Execution Standard (PTES) and the BSI’s implementation concept for penetration tests. On request, you will receive a certificate confirming the successful completion of the penetration test.

Pentests - procedure with a system. Results with substance.

01 – Target definition & scope analysis
Together, we prioritize the critical systems – with a clear focus on attack surfaces and regulatory requirements.

02 – Coordination with stakeholders
Minimized operational risks through coordinated processes, transparent communication and precise test planning.

03 – Simulation of real attack scenarios
Tests at the highest technical level: based on PTES, NIST and OWASP – with real attacker thinking.

04 – Documentation & management reporting
No standard recommendations for action, but handwritten, individual and very comprehensive documentation. Each recommendation is tailored precisely to the sector, contact person and overall situation – completely without standard texts or ready-made templates.

05 – Risk assessment & validation
Technical weaknesses are placed in a business context – comprehensible, prioritized, action-oriented.

06 – Review & action planning
The test results are presented, specific remedial measures are explained and, if desired, checked in a follow-up test.

Proven standards for traceable security

PTES

The Penetration Testing Execution Standard (PTES) is a structured guide to conducting professional penetration tests – from planning to follow-up.

NIST

The NIST Cybersecurity Framework provides standardized guidelines for identifying, assessing and addressing IT security risks.

OWASP Testing Guide

The OWASP Compendium includes various guides such as the OWASP Testing Guide for Web Applications and the Mobile Security Testing Guide for Mobile Applications and thus offers a comprehensive methodology for conducting security assessments across different platforms.

PCI-DSS

PCI-DSS is a security standard for companies that process, store or transfer credit card data – with clear technical and organizational requirements.

Cyber Kill Chain

The Cyber Kill Chain describes typical phases of a targeted attack – from reconnaissance to data exfiltration – and is used to structure defense strategies.

Specialized in what others overlook.

Different test types. Tailored to target and context.

Depending on the objective, initial situation and system landscape, pentests differ significantly in terms of methodology and depth. From technical tests of individual systems to realistic attack simulations at organizational level – the framework determines the approach and significance.

All pentests at a glance

Strong expertise in highly regulated sectors such as energy, healthcare, finance and insurance, transportation and public sector.

Check publicly accessible systems such as firewalls, VPNs or external servers for attack surfaces.

Analyze the security of workplace systems and internal endpoints in the company network.

Simulation of an attack with internal access – e.g. by compromised employees or service providers.

Manual testing of web-based applications for vulnerabilities such as injection, authentication errors or access controls.

Security analysis of native or hybrid applications – including iOS, Android and Flutter-based solutions.

Specialized pentests for highly regulated infrastructures – e.g. banks, payment systems or POS networks.

Code-based analysis of software components or infrastructure configurations with a focus on security standards.

Security assessment of embedded automotive components – e.g. ECUs and their communication.

Holistic analysis of networked devices – including firmware, communication, interfaces and physical access.

Security check of your cloud infrastructure and configurations according to the best practices of the respective platform.

Pentesting in complex SAP landscapes – including access controls, RFC communication and user roles.

Analysis of wireless networks for vulnerabilities in authentication, encryption and segmentation.

Clear insights. Real scenarios. Tangible measures.

Affected systems and applications

You will find out exactly which of your systems offer potential entry points for attackers – from the web server to the internal network.

Attacker perspective on your company

We show realistic attack scenarios of how an attacker would actually proceed – including all vulnerabilities found.

Prioritized weak points with risk analysis

All findings are evaluated according to criticality: What is critical, what is medium-term – and what can be ignored for the time being?

Concrete recommendations for action

You receive a clear, actionable to-do list for your IT – clearly formulated, prioritized and ready for immediate use.

Your contact persons

Security is a matter of trust. With us, you don't talk to a ticket system – you talk directly to experienced experts.

S. Philipp Kalweit is Director Strategy & Consulting with a focus on security awareness and offensive IT auditing. He has been advising SMEs and corporations for nine years, particularly in highly regulated industries. In 2019, he was honored by DIE ZEIT as “Hamburger of the Month” and included in the Forbes 30 under 30 DACH list.

S. Philipp Kalweit

Managing Partner

Dipl.-Wirtsch.-Ing. Günther Paprocki is Managing Partner of KALWEIT ITS. As Director HR & Operations, he is responsible for operations and personnel. With experience from previous positions at Sharp, Philips and Cisco, he brings a breath of fresh air to the consultancy. His focus: strengthening cybersecurity in Germany.

Günther Paprocki

Managing Partner

Newsletter

Once a month. For CISOs, IT managers and decision-makers who want to know where real risks lurk – and how to counter them.