Penetration Tests

Penetration testing simulates an attacker gaining unauthorized access to a computer or network resource, giving customers important information on any weak points in their systems or within their organization and also showing them what can be done to improve their security. 

Compass Security really values working in close collaboration with you. This is the only way we can guarantee the quality of the results when working in such a sensitive field as this. Whilst each customer’s project is tailored to their specific needs, each project follows a similar template. This is outlined below.

Expectations

We will discuss your ideas, questions and expectations for this project in detail. The goal here is to understand your requirements and to agree on a sensible testing strategy. Compass is also able to advise you on possible project add-ons or alternatives as well as more efficient testing procedures.

Different goals can be pursued using penetration tests, for instance:

  • Ensuring that systems exposed to the internet are kept updated and protected
  • Ensuring that users’ data is protected from unauthorized access
  • Ensuring that features are restricted to specific user groups
  • Ensuring that data is backed up in the case of hardware failure
  • Ensuring that malware is detected and does limited or no harm
  • Ensuring that attack attempts are detected by your monitoring systems
  • Ensuring that your employees know how to handle credentials
  • Ensuring that gaining physical access to your company’s buildings or data centers is restricted

Carrying out the penetration testing

An initial kick-off meeting gives another opportunity to agree on goals and communication channels and to exchange pre-prepared data. The success and efficiency of penetration tests require a little bit of extra work on your part.

The method applied during your project is obviously heavily influenced by the exact nature of the agreed scope and therefore varies enormously depending on your requirements. However, we consider it our responsibility to inform you immediately if we discover any particularly severe vulnerabilities in your systems. This ensures that such serious issues do not remain buried until the report is released to you and can instead be acted upon immediately. 

Final report

A comprehensive report is created for each project which documents the tests in a reproducible manner. The report is structured to give both your management teams and your tech teams a clear view of the findings. The report lists weak points as well as suitable countermeasures and gives you a handle on the issues so that you can classify the findings and evaluate the actual risk.

Debriefing 

Major findings are presented in a debriefing meeting. This also gives you another opportunity to verify the actual risk and to propose possible alternative countermeasures. 

We are more than happy to discuss your personal requirements. Do not hesitate to get in touch.
