The goal of a penetration test is to test as many systems and applications and services running on them as possible within a predefined framework, for example the computer network of a company. In an attempt to compromise (‘hack’) these, the security expert uses all the tools and methods that a real attacker would use to gain unauthorized access and cause damage.
In contrast to purely automated vulnerability scans, a real penetration test requires not only manual execution but also proper preparation and post-processing in order to define targets and close weak points sustainably.
Especially the latter often requires not only a purely technical rework, but also an organizational rethinking, which already preventively counteracts future gaps. Even then, a penetration test should be understood as a snapshot rather than a permanent seal of approval, since even small changes to tested components or a newly discovered vulnerability (zero day) can make a system vulnerable again.
The experts at sic[!]sec GmbH have many years of experience in conducting penetration tests on a wide variety of platforms. Be it (web) applications, mobile applications on Android or iOS devices or pure API interfaces that are used for communication between different computer systems.
We regularly test systems with these architectures, use state-of-the-art tools in combination with our expert knowledge and can thus make a well-founded statement about possible weak points and recommend effective and sustainable countermeasures.