The supreme discipline
Cyberattacks – the biggest business risk worldwide in 2022*. Time to check how well they are positioned.
*Allianz Risk Barometer 2022, January 18, 2022
What we know
Therefore KALWEIT ITS
The goal of penetration testing is to penetrate information technology systems. We act like potential attackers, identify attack vectors and exploit them technically. This gives you a realistic view of the (in)security of your IT solutions and enables you to close security gaps before attackers exploit them.
As an independent consulting company specializing in the disciplines of IT security, performing penetration tests is one of our supreme disciplines. Our claim is the execution of low automated penetration tests with a transparent and comprehensible approach. Industry-specific requirements from the banking or healthcare sectors do not pose a challenge for us.
- We believe that IT security must be different today . Security means trust in independent solutions. Safety is not a product, but a continuous process. This is exactly why we work with holistic consulting methods and understand companies as holistic security factor - just as an attacker would . Because a concept does not make a system.
- We work according to recognized standards such as PTES, NIST, OWASP Testing Guide, PCI-DSS, Cyber Kill Chain as well as the implementation concept for penetration tests of the Federal Office for Information Security . In addition, our projects are insured for financial loss as well as personal injury and property damage.
We support you with any kind of penetration testing:
- Perimeter test
- Client test
- Inside offender test
- Testing of web applications/application software/mobile applications
- Testing of core banking systems and retail networks
- Security Review
- Engine control unit tests
- Testing of IoT devices, firmware and hardware
- Tests in the cloud environment (AWS, Microsoft Azure or Google Cloud)
- Flutter solution testing
- Testing of SAP environments
- WLAN infrastructure testing
Strong expertise in performing penetration testing in banking, finance, healthcare, critical infrastructure, and retail industries.
Procedure of the tests
During the initial meeting, we get to know you and your company better. In the second round of the meeting, we discuss the next steps together with all decision-makers. The methodology of penetration testing to be applied is determined.
Once the penetration test has identified possible attack vectors and determined their probability of occurrence and the extent of damage, we present the results to you in a final report.
This includes a management summary, a detailed description of the inherent risks, and a proof of concept so that you can track the vulnerabilities internally with your own IT experts.
At the heart of the documentation are the comprehensive recommendations for action, which you can use to carry out independent remediation of the weak points in a simple and comprehensible manner.
Independently of a free debriefing to clarify open questions or ambiguities, we are also happy to provide you with a confirmation of the successful execution of a penetration test upon request. You can use this as proof for customers and business partners.
The final report contains the following components:
- Project frame data (project name, contact person, test period, scope)
- Management summary
- Description of the approach and methods used
- Summary and assessment of the identified vulnerabilities with regard to their criminality (incl. naming of CVSS values and CVE entries) as well as technical proof of concept
- Detailed technical description of the identified vulnerabilities / inherent risks.
- Recommendation of measures to eliminate the vulnerability as well as listing of all vulnerabilities in tabular form (Excel).
You can always reach us personally. Because loyalty based on partnership is far more important to us than short-term success.
+49 40 285 301 257