Enterprise IT Penetration Testing

Penetration testing is a simulated real-world attack against an infrastructure or application targeted at finding security weaknesses and examining the existing security status of the IT system. A penetration test tries to find vulnerabilities which are then exploited using the proof-of-concept principle. Such a test is usually conducted in the following four phases:

• Reconnaissance
• Enumeration
• Exploitation
• Documentation

The first phase, reconnaissance, involves the gathering of information of a system set for assessment. Following data collection, the second phase, enumeration, kicks in. In this phase, identification of potential entry points into the system is performed.

Upon successful identification, the third phase, exploitation, comes into effect. During this time, testers will actively attempt to exploit security weaknesses. In the event of a compromised system, an expanded attack scope will be carried out. The last phase, documentation, ensures that every procedure and effect is recorded so that they can be reconstructed in detail.

The fact that penetration tests provide an excellent view of the current security status of an organisation cannot be ignored. The result of the penetration test will help business owners gain a better understanding of their current levels of exposure, identify the various aspects of IT-security that are lacking, and provide details for rectifying the vulnerabilities which surface from the test.

Detailed report including risk assessment – Our experienced security experts will provide detailed documentation of the outcome of the penetration test and assess the risks of the identified vulnerabilities.

Suggestions for solutions/improvements – By performing penetration tests, TÜV SÜD's experts not only expose security gaps; they also advise companies on how to close them.

Verification of the effectiveness of implemented actions/improvements – Companies have the opportunity to verify the success and effectiveness of their corrective actions in a follow-up test

Within TÜV SÜD, internationally accredited certification bodies offer services for various management systems. We have extensive experience in auditing and certifying a wide range of internationally recognised management systems. Our experienced team will guide you through the process, from on-site audits to certification. We will help you to identify opportunities and minimise potential risks. By being your partner, your company’s commitment to the safest standards will gain global recognition.

• In-depth assessment - TÜV SÜD can tailor a unique programme to suit your organisation’s needs. We can provide penetration tests on a regular basis spanning different areas with differing requirements to ensure the overall security of your business.
• Relevant certifications - The improved IT infrastructure as a result from the penetration test can work in conjunction with other industry standards. TÜV SÜD is a one-stop provider for your other certification needs and services including ISO 27000 and Payment Card Industry compliance.