Penetration test

The supreme discipline

Penetration test

Cyberattacks – the biggest business risk worldwide in 2024*. Time to check how well they are positioned.

*Allianz Risk Barometer

 

What we know

We do not provide hypotheses, but clarity, knowing exactly what (still) needs to be done. We help companies determine the actual security posture of their IT without compromise and independently. In doing so, we act like potential attackers by identifying attack vectors and vulnerabilities through real-world attacks. This gives you a realistic and uncompromising insight into the current security situation of your IT.

Therefore KALWEIT ITS

The goal of penetration testing is to penetrate information technology systems. We act like potential attackers, identify attack vectors and exploit them technically. This gives you a realistic view of the (in)security of your IT solutions and enables you to close security gaps before attackers exploit them.

As an independent consulting company specializing in the disciplines of IT security, performing penetration tests is one of our supreme disciplines. Our claim is the execution of low automated penetration tests with a transparent and comprehensible approach. Industry-specific requirements from the banking or healthcare sectors do not pose a challenge for us.

    We believe that IT security must be different today . Security means trust in independent solutions. Safety is not a product, but a continuous process. This is exactly why we work with holistic consulting methods and understand companies as holistic security factor - just as an attacker would . Because a concept does not make a system.
    We work according to recognized standards such as PTES, NIST, OWASP Testing Guide, PCI-DSS, Cyber Kill Chain as well as the implementation concept for penetration tests of the Federal Office for Information Security . In addition, our projects are insured for financial loss as well as personal injury and property damage.

We support you with any kind of penetration testing:

  • Perimeter test
  • Client test
  • Inside offender test
  • Testing of web applications/application software/mobile applications
  • Testing of core banking systems and retail networks
  • Security Review
  • Engine control unit tests
  • Testing of IoT devices, firmware and hardware
  • Tests in the cloud environment (AWS, Microsoft Azure or Google Cloud)
  • Flutter solution testing
  • Testing of SAP environments
  • WLAN infrastructure testing

Strong expertise in performing penetration testing in banking, finance, healthcare, critical infrastructure, and retail industries.

Procedure of the tests

During the initial meeting, we get to know you and your company better. In the second round of the meeting, we discuss the next steps together with all decision-makers. The methodology of penetration testing to be applied is determined.

During the penetration test, we usually deploy a team of testers so that the respective colleagues can focus on their specialization.

Once the penetration test has identified possible attack vectors and determined their probability of occurrence and the extent of damage, we present the results to you in a final report.

This includes a management summary, a detailed description of the inherent risks, and a proof of concept so that you can track the vulnerabilities internally with your own IT experts.

At the heart of the documentation are the comprehensive recommendations for action, which you can use to carry out independent remediation of the weak points in a simple and comprehensible manner.

Independently of a free debriefing to clarify open questions or ambiguities, we are also happy to provide you with a confirmation of the successful execution of a penetration test upon request. You can use this as proof for customers and business partners.

 

 

The final report contains the following components:

  • Project frame data (project name, contact person, test period, scope)
  • Management summary
  • Description of the approach and methods used
  • Summary and assessment of the identified vulnerabilities in terms of their criticality (including CVSS values and CVE entries) and technical proof of concept
  • Detailed technical description of the identified vulnerabilities / inherent risks.
  • Recommendation of measures to eliminate the vulnerability as well as listing of all vulnerabilities in tabular form (Excel).

Book your appointment

Your contact persons

You can always reach us personally. Because loyalty based on partnership is far more important to us than short-term success.

Philipp Kalweit

Philipp Kalweit

Managing Partner

 

+49 40 285 301 257

hello@kalwe.it

Philipp Kalweit is an experienced IT security consultant on the topics of security awareness and offensive IT auditing. As Director Strategy & Consulting, he is responsible for corporate strategy as well as the advisory and consulting area. For the past six years, he has been advising and auditing clients from the SME and group environment, in particular ECB and BaFin-regulated organizations as well as groups in the retail sector. His consulting focus is on holistic IT security. He was honored for his work in 2019 by DIE ZEIT as “Hamburger of the Month” and in the same year was included in the Forbes “30 under 30 DACH” list.

 

Günther Paprocki

Günther Paprocki

Managing Partner

 

+49 40 285 301 258

hello@kalwe.it

Since May 2024 industrial engineer Günther Paprocki has been a managing partner at KALWEIT ITS. As Director HR & Operations, he is responsible for the operational business and the HR department. From his positions at Sharp, Philips and Cisco, he brings a breath of fresh air to our consulting firm. Whether in the field of photovoltaics, e-mobility or the first mobile network in Germany – Günther Paprocki has always been active in forward-looking sectors in the past. His current mission: to strengthen cybersecurity in Germany.

 

Arrange a non-binding initial meeting now