> > >  Jobs at netcup: Colleagues wanted! First-Level-Support (m/f/d) and Systemadministrator (m/f/d)  < < <
Support: Mon-Fri 10 AM to 6 PM (German time) +49 721 754 0 755 0

Bespoke Solutions

We offer you
  • Software as a Service (SaaS)
  • high-availability clusters
  • software development
  • server management

Penetration Testing

The term "penetration testing" describes security tests run against a network system or server from the perspective of a hacker. Within the general field of security testing, a penetration test therefore describes a test whereby a security expert attempts to deploy appropriate programs to penetrate system defences - just as would be done by a hacker trying to gain control over your servers in order to damage your business. A penetration test can be used as a preventative measure against potential hacker attacks, by closing any security holes found during penetration testing.

We offer you a penetration test against your web server, inform you about all of the security holes discovered and advise you about possible countermeasures. If required, we can also take prompt action to close the security flaws found. Our penetration tests are run by trained personnel and charged based on the final testing outcome.

Please contact us if you are interested in a test or have further questions.

The security tests we offer include the following:

Web Application Audit (PHP, Perl (CGI), AJAX)

  • Checking for MySQL injections, remote file inclusions, XSS (cross-site scripting)
  • Checking for specific vulnerabilities (incorrect configuration, null byte file upload, null byte CGI exploitation, user input routed to exec()/system() without sanitisation, spoofing (cookies, logins, referrers...) and much more (use case-dependent)
  • Source code security analysis (input correctly audited, rights assignments verified as appropriate, etc.)

Full Server/Network audit

  • Port scan, fingerprinting, service enumeration
  • Determination of versions and configurations used
  • Checking for security vulnerabilities/exploits
  • Use of remote exploits to gain access to the system
  • Use of local exploits to escalate privileges
  • Repeat analysis with automated programs for pen testing
  • Version audit for web applications (e.g. phpBB, WordPress, etc.)
  • Use of exploits to gain access to the database, email accounts or the system itself
  • Auditing for specific errors (phpMyAdmin without .htaccess protection and user/password = database root user, etc.)

Social Engineering

  • Use of social engineering (phone, email, etc.) to obtain confidential data and potentially compromise the system

Final Report

  • Summary of all functionality tested
  • List of vulnerabilities with explanatory text
  • Plan for resolving local security holes
  • Estimate of system security level

All penetration testing services are carried out by qualified personnel. Prices for penetration testing services are agreed on a case-by-case basis. For our hourly rates, please consult our price list.