SERVICES > Penetration Testing

A classic approach to test the security of network connected systems is the penetration test. A penetration test mimics a real attack to answer the question of what an actual attacker can achieve. X41 performs the scoping with the customer, to tailor each penetration test exactly to the client’s needs. This includes but is not limited to attack surface, test-depth, attack vector and the decision between white-, gray- and black-box testing.

A manual approach for penetration testing and for code review is used by X41. This process is supported by tools such as static code analyzers and industry standard web application security tools.

X41 adheres to established standards for source code reviewing and penetration testing. These are in particular the CERT Secure Coding standards and the Study - A Penetration Testing Model of the German Federal Office for Information Security.

All technical findings are reported with a technical severity according to the CVSS and CWE scoring systems. If applicable, solution advice will be given on how to fix each of the discovered vulnerabilities. Due to the sensitive nature of penetration test, we currently are not able to provide an example penetration test report, but the source code audit reports can be seen here or here and are structured in a similar way.