Web, Mobile App and Infrastructure Pentests

What is a Penetration Test?

A penetration test is a procedure to assess the security of applications, networks and infrastructures by methodical and manual validation of the effectiveness of security controls. The process includes an active analysis of the systems with the methods of a real attacker from external or internal sources. All security problems identified are presented to the customer together with an impact assessment, a proposal for risk mitigation or a technical solution.

Penetration Tests from turingpoint are Handmade!

Automated vulnerability scanners cannot replace full penetration tests. It would be negligent to believe that a vulnerability scan provides a good level of security or protection against a real attacker!

5 reasons why you should do a proper penetration test:

Uncover hidden system vulnerabilities
The surest way to measure your security level is to examine how it can be hacked. A pentest offers the possibility to test your system's resistance (cyber resilience) against external hacking attempts.
More
Save remediation costs and reduce network downtime
While it may sound counterintuitive, spending money on pentests will actually save your company a significant amount of money. Pentests highlight the areas of greatest vulnerability, which informs you where to most effectively spend your IT security budget. Without pentests to guide you, it would be necessary to spend more money on a broader range of aspects.
More
Enable compliance with safety regulations
There's no doubt that pentests play a critical role in protecting your business and its valuable assets from potential intruders. However, the benefits of pentesting go far beyond network and data security.
More
Preserve the company's image and customer loyalty
Security attacks can compromise your sensitive data, resulting in the loss of trusted customers and severe reputational damage. Pentesting can help you avoid costly security breaches that put your company's reputation and your customers' loyalty at stake. In addition, pentesting can grow with time and complexity if the system requires additional scope.
More
Develop efficient security measures and invest in the right business areas
The summarized results of a pentest are essential for assessing the current security level of your IT systems. They can provide your company's management with insightful information about the identified security vulnerabilities, their timeliness, and their potential impact on system function and performance.
More

Penetration Testing - an effective solution for high IT Security

Profit from our many years of experience! Penetration tests are planned, performed and evaluated by our specially trained analysts according to recognized standards.

That's why you should perform a pentest with turingpoint!

Free certification as proof for your customers
External ISMS accreditation according to ISO 27001 from DAkkS
Business Risk Analysis and Management Summary for the Executive Board
One-time retest free of charge
Comprehensive recommendation for remediation of the vulnerabilities
Implementation according to recognized rules of technology (OWASP, OSSTMM, BSI, PCIDSS, NIST, PTES, etc.)
Experience with disruptive cloud technologies such as AWS, Google Cloud Platform, oder Microsoft Azure
Own and constantly updated scanner software in addition to the common commercial tools
Depending on the information basis, we perform white, grey or black box tests
Optionally we introduce a Darknet Intelligence Assessment

Our experienced IT Security Consultants uncover vulnerabilities before a real hacker can exploit them. Reduce remediation costs and network downtime. Our pentests enable you to comply with security regulations, such as those defined in an Information Security Management System (ISMS), and preserve your company's image and the loyalty of your customers.

The final report allows your company to develop efficient security measures and invest in the right business areas. We will be happy to review the security architecture at regular intervals, as the constant changes in the system should be continuously monitored.

We offer our services in various complexities and recognized standards in close consultation with our customers.

Range of services for IT Security Penetration Testing

Basically, we classify pentests into three types, which can be arranged individually for each project.

Web Applications

A web pentest focuses exclusively on web technologies. Web applications and APIs have far-reaching permissions that provide a variety of attack vectors and are usually tied to the infrastructure.

Learn More

Mobile/App

Our mobile app pentesters have a background in network and web penetration testing, a quality necessary for pentesting mobile apps, because almost every app communicates with a backend system.

Learn More

Critical Infrastructure

The pentest for critical IT infrastructures (KRITIS) tests the security of e.g. server systems, VPN systems, WLAN networks and firewalls. As a basis for secure applications, the system and the network infrastructure must not be neglected.

Learn More

Pentesting Final Report & IT Security Certificate

We have developed a comprehensive reporting format and certificates that provide optimal insight into our work and its results.

Comprehensive Final Report

Our report is prepared according to recognized standards and includes a Management Summary, a vulnerability overview, details on vulnerabilities and remediation steps. The evaluation of the Findings depends on the CVSS 3.0 Standard.
The detailed reporting format not only shows which vulnerabilities were identified during the pentest, but also which attack vectors were checked. Thus, you can understand our work in an optimal way.
The final report is individually created and delivered as a classic PDF document or in a special HTML format. In the dynamic HTML format, content and vulnerability findings can be filtered, sorted and exported to other formats.

We have an effective and comprehensive format for demonstrable safety that can be integrated directly into your website. This certificate proves to third parties such as customers or insurance companies a high security level, data protection and a sensitization for IT security.
The certificates issued by us prove a high IT security level at a given time according to a standard or individual test modules. Different test guidelines are selected and evaluated depending on the assessment.
Our certificate is issued only to those who achieve a good pentest result or, after a free night test, receive the required level of maturity from our Ethical Hackers.

To the Certificate

Certification with Seal

Pen Test References

Companies that trust our professional competence.

Patrick Wölfel
Head of IT - RuV BKK
We attach great importance to the security of our customer data. In this respect, we have commissioned turingpoint to examine our online office for possible weaknesses and to identify potential for improvement. What we particularly rate about turingpoint is the professional communication with the team as well as their adherence to deadlines. We received a very well-structured and comprehensible final report. This made it possible for our software developer to systematically eliminate the weak points that were found. We are looking forward to further cooperation.
Frederik Vollert
Managing Director & Co-Founder - Phrase
turingpoint conducted a web penetration test on the Phrase.com website and API as an external system audit as part of our Information Security Management System. The team conducted the tests in a highly professional manner, identifying a number of potentially malicious exploits and security enhancements through libraries, the application of security protocols and the browser level. The report helped us identify current strengths and weaknesses in our security architecture and resulted in changes to our code base to minimize security weaknesses. We look forward to our next penetration test with turingpoint!
Hans Lechner
Head of IT - reifencom GmbH
I hereby confirm to turingpoint GmbH, Rödingsmarkt 9, 20459 Hamburg, Germany, for us services of penetration testing within the scope of a security audit of public web applications to have produced. The scope of services included the testing of the web pages of Internet presence and the associated e-commerce system of our company. The services were completed on time and in very high quality within the set deadline. quality workmanship. The interests of the client were always taken into account and the service is performed to the complete satisfaction of the customer.
Dr. med. Christoph Twesten
Founder / CTO - MillionFriends
Perfood GmbH address several diseases and predeseases with digital therapeutics. The portfolio includes medical products and DIGAs (digital health application under the German Healthcare Act). IT Security is a very important aspect of our business. In April 2020 turingpoint conducted a penetration-test on the API of our backend as an external system audit as part of the certification process for one of our medical products. In July 2020 we consulted turingpoint for a global Cybersecurity audit including our mobile app, backend, website and aspects of IT security in our office in Lübeck. The team conducted the tests in a very professional way and was a great help in finding potential threats and optimize the security of our system. Turingpoint also reviewed the architecture of our backend setup and helped us to design this critical part of our infrastructure in the most secure way. We are very satisfied with the results and looking forward to our next project together!
Boris Steinke
CTO - JITpay™ GmbH
As a FinTech and logistics start-up, we at JITpayTM rely on state-of-the-art technologies and have efficient digital business processes. With JITpayTM we have created the possibility to digitalise the accounting processes in logistics. As part of the Central Accounting System (ZAL®), JITpayTM takes over the accounting of all logistics costs for shippers, forwarders and transport companies. At JITpayTM the topic of security is of particular importance because we are not only a service provider but also handle sesible data in large quantities. In September 2020 we commissioned turingpoint to conduct a penetration test as part of the certification process for an authority, in order to find possible leaks in our APIs and backends. The turingpoint team carried out the tests in a very professional way and searched our systems for potential threats in 14 days. At the end of the tests we received a very good and understandable report that helped us to fix the detected threats. We are very satisfied with the results and look forward to our next joint project!
David Holetzeck
CEO - Table of Visions
Our expectations regarding quality, customer service and the execution of the penetration test and the hosting security check were exceeded and we can recommend the team of turingpoint GmbH without any restrictions. If you are looking for a service provider who prepares documents in such a way that everyone can understand them and provides advice on how to solve problems, turingpoint is the right partner for you.

Certificates & Partner

We maintain a network for active exchange of knowledge and assistance.

Frequently Asked Questions

5 FAQs related to pentesting.

What is the average cost of a pentest project?
The answer depends largely on many factors. For simple or less complex networks and software, however, you can expect prices in the range of 4,500 to 6,000 euros.
More
How do I find the right pentest provider?
Let us answer the following questions for you. What do I need? How do I know who has enough technical expertise? How do I identify unqualified vendors? How do I recognize good reputations? What should the documentation look like?
Do I need a pentest or an adversary simulation?
Any performance is useful in certain situations. It does not make sense to hire a pentest to test an organization's detection and response capabilities. Neither is using Red Teaming to look for vulnerabilities at the complete application level.
More
How are vulnerabilities classified?
We assess vulnerabilities using the CVSS standard. This metric is an open industry standard for vulnerability assessment of software severity. It is a standard that can be used to uniformly assess the vulnerability of computer systems and the severity of security vulnerabilities.
Should I have an external and internal pentest performed?
Both tests are critical to maintaining a well-secured network and should be performed at least once a year.