CYBERSECURITY FROM IT TO OT
DEFENDING AGAINST CYBER ATTACKS WITH PENETRATION TESTS—BEFORE THEY HAPPEN

PENETRATION TEST
THE ADVANTAGES OF A PENETRATION TEST WITH CODEWERK

In a penetration test, we simulate real attacks to uncover vulnerabilities in your system. This provides you with detailed insight into your security situation.

Identify security gaps

Penetration testing reveals vulnerabilities in IT infrastructure, applications, or networks before attackers can exploit them.

Protect sensitive data

Many companies work with sensitive data. Penetration testing helps protect this data from unauthorized access.

Save costs

By identifying vulnerabilities early on, you can avoid costly security incidents and consequential costs.

Strengthen customer loyalty

Conducting penetration tests can strengthen your customers’ trust, because it shows that you are proactively investing in your security.

IN-DEPTH ANALYSES FOR IT/OT INFRASTRUCTURE SECURITY

Many penetration test providers are not developers themselves. With us, it’s a different story. We develop software for security-critical applications—for example, for train control systems. This gives us a more comprehensive understanding of how critical software systems work.

The benefit: Our in-depth analyses also uncover vulnerabilities that remain hidden during superficial vulnerability scans. This provides more security for your IT and OT infrastructure.

PENETRATION TEST
THE ADVANTAGES OF A PENETRATION TEST WITH CODEWERK

From individual components to entire digital infrastructures—with penetration tests, we can analyze your security both on a small and large scale. Your ongoing operations will not be disrupted.

IT PENETRATION TEST

From networks and servers to the cloud and entire infrastructures.

INDIVIDUAL COMPONENTS

We take a closer look at your IT components. When testing a web server, for example, we analyze configurations, patch status, and potential attack vectors such as SQL injections, cross-site scripting (XSS), and directory traversal. We also focus on insecure certificates and weak passwords to identify every possible access point for attackers.

WEB APPLICATIONS

Web applications are often the interface to sensitive data. Our thorough test uncovers vulnerabilities such as SQL injections, cross-site scripting (XSS), and cross-site request forgery (CSRF). We test API endpoints as well as authentication and authorization logic to ensure the confidentiality, integrity, and availability of your application.

NETWORK TESTS

We analyze your network segmentation, firewall, and router configurations for vulnerabilities. Open ports, vulnerable protocols, and network shares are examined, as well as the possibility of lateral movement within the network.

ACTIVE DIRECTORY

Active Directory is the backbone of your company’s IT infrastructure. We identify vulnerabilities such as inadequate password policies, over-privileged accounts, and insufficiently secured group policies (GPOs). By simulating attacks on AD misconfigurations, we help you protect critical access rights and secure your domain structure.

IOT DEVICES

IoT devices expand your network—and potential attack surfaces. We test smart devices for vulnerabilities in firmware, authentication, and network communication. By uncovering potential backdoors, we prevent your IoT devices from becoming entry points for attackers or sources of dangerous data leaks.

OT PENETRATION TEST

From individual IoT devices to control systems and entire SCADA networks.

FIRMWARE SECURITY ANALYSIS

We thoroughly examine the firmware of your OT components for hidden vulnerabilities. Through reverse engineering and the analysis of update processes, we identify security gaps in RTUs, smart meters, and other critical devices.

INDIVIDUAL COMPONENTS

Every link in the chain must be strong. We test individual components such as programmable logic controllers (PLCs) for known and unknown vulnerabilities. We check for insufficiently protected network interfaces, vulnerable protocols like Modbus, and susceptibility to manipulated commands.

HUMAN-MACHINE INTERFACES (HMI)

The interface between human and machine is often the target of cyberattacks. We examine your HMIs for security gaps such as cross-site scripting (XSS), SQL injection, and other attack vectors.

NETWORK-BASED TESTS

In interconnected OT systems, even one single vulnerability can have far-reaching consequences. Our network-based penetration test examines your infrastructure for insufficient segmentation, vulnerable protocols, and missing encryption. We simulate network movements, attempt to gain access to critical systems, and intercept network traffic.

INDUSTRIAL CONTROL SYSTEM (ICS)

We take a holistic approach to your industrial control system—from individual controllers to the overarching SCADA system. Our comprehensive test analyzes configurations, uncovers firmware vulnerabilities, examines remote access methods, and evaluates your patch management system. This secures your entire production environment against modern cyber threats.

PENETRATION TESTS FOR INDIVIDUAL DEVICES OR ENTIRE INFRASTRUCTURES

THE TEST IN 5 STEPS
HOW A PENETRATION TEST WORKS

Our penetration tests follow a structured, transparent process. From the kick-off to the final report, we work closely with you. The goal is to sustainably strengthen your digital resilience and leave no opportunity for hackers.

WHAT WE OFFER
ONE TEST. MANY COMPONENTS.

Our penetration tests always begin with threat modeling. This means we identify and prioritize potential security threats. Taking this as the foundation, we cover the following areas:

CODE REVIEW

Vulnerability analysis with expert knowledge from software development.

REVERSE ENGINEERING

Examination of programs and firmware to identify critical information.

NETWORK ANALYSIS

Detailed review of network security to detect vulnerabilities.

PROCESS CONTROL SYSTEM

Security analysis and protective measures for industrial process control systems.

FUZZING (WHITEBOX/BLACKBOX)

Automated testing to identify vulnerabilities in software and systems.

ACTIVE DIRECTORY AUDIT

Review and secure access rights in your directory service.

SIEM TEST

We test whether your SIEM also detects penetration test attacks.

COMPLIANCE
DO YOU MEET THE COMPLIANCE REQUIREMENTS FOR CYBERSECURITY?

We offer penetration tests that meet the testing requirements of specific standards and regulations. These include:

INDUSTRY

Ensuring compliance with industrial security standards.

STANDARDS MET

• IEC 62443-4-2
• IEC 62443-3-3

CRITICAL INFRASTRUCTURES (KRITIS)

Protection of critical infrastructures through targeted security audits.

STANDARDS MET

• NIS2
• CRITICAL INFRASTRUCTURES

MEDICAL

Ensuring cybersecurity compliance in the medical sector.

STANDARDS MET

• Medical Device Regulation

Get a no-obligation consultation for a penetration test

Are you ready to assess the strength of your cybersecurity? We are happy to advise you.

FAQs

WHAT CERTIFICATIONS DO YOUR PENETRATION TESTERS HAVE?

Our penetration testers adhere to the renowned OSCP standard (Offensive Security Certified Professional). We have more than ten years of experience in software development for industry and rail systems, and we understand the importance of recognized certifications in penetration testing.

HOW LONG DOES A PENETRATION TEST TAKE?

Depending on the size of the system, we begin the initial analysis 30 days after first contact. After creating a tailored test plan, we start the penetration test. We document every step carefully and keep you regularly informed about the progress. This way, there are no surprises in the final report.

WHAT CVEs CAN CODEWERK PROVIDE?

Due to confidentiality agreements, we cannot disclose specific CVEs. Our expertise is demonstrated through our work together. Let’s work together to improve the security of your system and uncover potential vulnerabilities.

WHAT DOES A PENETRATION TEST COST WITH CODEWERK?

The cost depends on the scope and complexity of your system. Contact us for a customized offer. Together, we will find the right solution for your security requirements.

DO YOU HAVE A SAMPLE REPORT?

Yes, we are happy to provide you with a sample report. Please contact us, and we will send you an example right away.