What we offer

Clear focus, deep expertise, and a partnership built on handshake quality.

Pentest of external infrastructure

What do a web server, a mail server, and a VPN gateway have in common? These services are reachable over the internet, and the likelihood of an attack is high. Our goal in external pentests is to find vulnerabilities that real attackers around the world could exploit at any time.

Sample Report External Infrastructure
01

Scenario

We test your internet-facing infrastructure, which is exactly the attack surface available to real attackers at any time. In doing so, we also trace where a successful breach would lead.

02

Preparation

We need a list of externally reachable systems in scope. For efficient testing, exclude us from protection systems such as web application firewalls. For particularly interesting targets you can provide user accounts so we can also test those systems while signed in. Many customers combine external tests with an Active Directory or Entra ID assessment.

03

Checklist

First we gather information about your publicly visible infrastructure. Then we check the reachable services for outdated software, misconfigurations, and known vulnerabilities. Where we have accounts, we also test the systems from the perspective of a signed-in user. That shows you what is reachable from the internet and which risks come with it.

04

Scope

Effort depends on the number of systems and services. In most cases, plan for about 5-7 person-days at €1,600 each.

6 steps to your pentest

How we work

1

We gather your requirements

In a scoping call we define the scope and framework of the pentest together. We agree on what is in scope and what is explicitly excluded.

2

We prepare your offer

Based on your requirements we prepare a tailored offer. You receive it promptly, with a clear breakdown.

3

We clarify all prerequisites

After you engage us, we prepare the pentest in a kickoff. We align on access, test accounts, time windows, and communication channels.

4

We deliver the best pentest for you

We test within the agreed scope and timeframe. During the engagement we stay in contact and report critical findings through the agreed channels. When testing is complete, you receive the report as a secured PDF.

5

We discuss the results

Pentest reports are often extensive. After delivery we remain your point of contact and are happy to walk through the results and priorities with you.

6

We retest for free

So you can act on the report, we retest remediated vulnerabilities once at no charge if fixes are completed within eight weeks of report delivery.

Ready to work with us ?

We go on the offensive for you and uncover vulnerabilities in your applications and infrastructure so attacks never get a chance.