IT Sicherheit – frischer Wind
IT security – a breath of fresh air
Sécurité informatique – un vent de fraîcheur
Seguridad informática – un soplo de aire fresco
Hacker sind kreativ und finden immer neue Wege in Unternehmen einzudringen. Um Angreifern weiterhin einen Schritt voraus zu sein, braucht es immer wieder neue Ideen.

KALWEIT ITS – Wir bringen frischen Wind.
Hackers are creative and always find new ways to penetrate companies. To stay one step ahead of attackers, new ideas are always needed.

KALWEIT ITS – We bring a breath of fresh air.
Les pirates informatiques sont créatifs et trouvent toujours de nouveaux moyens de s'introduire dans les entreprises. Pour garder une longueur d'avance sur les attaquants, il faut sans cesse de nouvelles idées.

KALWEIT ITS – Nous apportons un vent de fraîcheur.
Los hackers son creativos y siempre encuentran nuevas formas de penetrar en las empresas. Para estar un paso por delante de los atacantes, siempre se necesitan nuevas ideas.

KALWEIT ITS – Traemos un soplo de aire fresco.

Penetration test

The supreme discipline

Penetration test

Cyberattacks – the biggest business risk worldwide in 2022*. Time to check how well they are positioned.

*Allianz Risk Barometer 2022, January 18, 2022

 

What we know

We do not provide hypotheses, but clarity, knowing exactly what (still) needs to be done. We help companies determine the actual security posture of their IT without compromise and independently. In doing so, we act like potential attackers by identifying attack vectors and vulnerabilities through real-world attacks. This gives you a realistic and uncompromising insight into the current security situation of your IT.

Therefore KALWEIT ITS

The goal of penetration testing is to penetrate information technology systems. We act like potential attackers, identify attack vectors and exploit them technically. This gives you a realistic view of the (in)security of your IT solutions and enables you to close security gaps before attackers exploit them.

As an independent consulting company specializing in the disciplines of IT security, performing penetration tests is one of our supreme disciplines. Our claim is the execution of low automated penetration tests with a transparent and comprehensible approach. Industry-specific requirements from the banking or healthcare sectors do not pose a challenge for us.

    We believe that IT security must be different today . Security means trust in independent solutions. Safety is not a product, but a continuous process. This is exactly why we work with holistic consulting methods and understand companies as holistic security factor - just as an attacker would . Because a concept does not make a system.
    We work according to recognized standards such as PTES, NIST, OWASP Testing Guide, PCI-DSS, Cyber Kill Chain as well as the implementation concept for penetration tests of the Federal Office for Information Security . In addition, our projects are insured for financial loss as well as personal injury and property damage.

We support you with any kind of penetration testing:

  • Perimeter test
  • Client test
  • Inside offender test
  • Testing of web applications/application software/mobile applications
  • Testing of core banking systems and retail networks
  • Security Review
  • Engine control unit tests
  • Testing of IoT devices, firmware and hardware
  • Tests in the cloud environment (AWS, Microsoft Azure or Google Cloud)
  • Flutter solution testing
  • Testing of SAP environments
  • WLAN infrastructure testing

Strong expertise in performing penetration testing in banking, finance, healthcare, critical infrastructure, and retail industries.

Procedure of the tests

During the initial meeting, we get to know you and your company better. In the second round of the meeting, we discuss the next steps together with all decision-makers. The methodology of penetration testing to be applied is determined.

Once the penetration test has identified possible attack vectors and determined their probability of occurrence and the extent of damage, we present the results to you in a final report.

This includes a management summary, a detailed description of the inherent risks, and a proof of concept so that you can track the vulnerabilities internally with your own IT experts.

At the heart of the documentation are the comprehensive recommendations for action, which you can use to carry out independent remediation of the weak points in a simple and comprehensible manner.

Independently of a free debriefing to clarify open questions or ambiguities, we are also happy to provide you with a confirmation of the successful execution of a penetration test upon request. You can use this as proof for customers and business partners.

 

 

The final report contains the following components:

  • Project frame data (project name, contact person, test period, scope)
  • Management summary
  • Description of the approach and methods used
  • Summary and assessment of the identified vulnerabilities with regard to their criminality (incl. naming of CVSS values and CVE entries) as well as technical proof of concept
  • Detailed technical description of the identified vulnerabilities / inherent risks.
  • Recommendation of measures to eliminate the vulnerability as well as listing of all vulnerabilities in tabular form (Excel).

Your contact

You can always reach us personally. Because loyalty based on partnership is far more important to us than short-term success.

Philipp Kalweit

Philipp Kalweit

Managing Partner

 

+49 40 285 301 257

hello@kalwe.it

Philipp Kalweit is an experienced IT security consultant on the topics of security awareness and offensive IT auditing. For the past six years, he has been advising and auditing clients from the SME and group environment, in particular ECB and BaFin-regulated organizations as well as groups in the retail sector. His consulting focus is on holistic IT security. He was honored for his work in 2019 by DIE ZEIT as “Hamburger of the Month” and in the same year was included in the Forbes “30 under 30 DACH” list.

 

Arrange a non-binding initial meeting now