CYBERSECURITY FROM IT TO OT
DEFENDING AGAINST CYBER ATTACKS WITH PENETRATION TESTS—BEFORE THEY HAPPEN
PENETRATION TEST
THE ADVANTAGES OF A PENETRATION TEST WITH CODEWERK
In a penetration test, we simulate real attacks to uncover vulnerabilities in your system. This provides you with detailed insight into your security situation.
Identify security gaps
Penetration testing reveals vulnerabilities in IT infrastructure, applications, or networks before attackers can exploit them.
Protect sensitive data
Many companies work with sensitive data. Penetration testing helps protect this data from unauthorized access.
Save costs
By identifying vulnerabilities early on, you can avoid costly security incidents and consequential costs.
Strengthen customer loyalty
Conducting penetration tests can strengthen your customers’ trust, because it shows that you are proactively investing in your security.

IN-DEPTH ANALYSES FOR IT/OT INFRASTRUCTURE SECURITY
Many penetration test providers are not developers themselves. With us, it’s a different story. We develop software for security-critical applications—for example, for train control systems. This gives us a more comprehensive understanding of how critical software systems work.
The benefit: Our in-depth analyses also uncover vulnerabilities that remain hidden during superficial vulnerability scans. This provides more security for your IT and OT infrastructure.
From individual components to entire digital infrastructures—with penetration tests, we can analyze your security both on a small and large scale. Your ongoing operations will not be disrupted.
IT PENETRATION TEST
From networks and servers to the cloud and entire infrastructures.
We take a closer look at your IT components. When testing a web server, for example, we analyze configurations, patch status, and potential attack vectors such as SQL injections, cross-site scripting (XSS), and directory traversal. We also focus on insecure certificates and weak passwords to identify every possible access point for attackers.
Web applications are often the interface to sensitive data. Our thorough test uncovers vulnerabilities such as SQL injections, cross-site scripting (XSS), and cross-site request forgery (CSRF). We test API endpoints as well as authentication and authorization logic to ensure the confidentiality, integrity, and availability of your application.
We analyze your network segmentation, firewall, and router configurations for vulnerabilities. Open ports, vulnerable protocols, and network shares are examined, as well as the possibility of lateral movement within the network.
Active Directory is the backbone of your company’s IT infrastructure. We identify vulnerabilities such as inadequate password policies, over-privileged accounts, and insufficiently secured group policies (GPOs). By simulating attacks on AD misconfigurations, we help you protect critical access rights and secure your domain structure.
IoT devices expand your network—and potential attack surfaces. We test smart devices for vulnerabilities in firmware, authentication, and network communication. By uncovering potential backdoors, we prevent your IoT devices from becoming entry points for attackers or sources of dangerous data leaks.
OT PENETRATION TEST
From individual IoT devices to control systems and entire SCADA networks.
We thoroughly examine the firmware of your OT components for hidden vulnerabilities. Through reverse engineering and the analysis of update processes, we identify security gaps in RTUs, smart meters, and other critical devices.
Every link in the chain must be strong. We test individual components such as programmable logic controllers (PLCs) for known and unknown vulnerabilities. We check for insufficiently protected network interfaces, vulnerable protocols like Modbus, and susceptibility to manipulated commands.
The interface between human and machine is often the target of cyberattacks. We examine your HMIs for security gaps such as cross-site scripting (XSS), SQL injection, and other attack vectors.
In interconnected OT systems, even one single vulnerability can have far-reaching consequences. Our network-based penetration test examines your infrastructure for insufficient segmentation, vulnerable protocols, and missing encryption. We simulate network movements, attempt to gain access to critical systems, and intercept network traffic.
We take a holistic approach to your industrial control system—from individual controllers to the overarching SCADA system. Our comprehensive test analyzes configurations, uncovers firmware vulnerabilities, examines remote access methods, and evaluates your patch management system. This secures your entire production environment against modern cyber threats.
PENETRATION TESTS FOR INDIVIDUAL DEVICES OR ENTIRE INFRASTRUCTURES
Telephone: +49 721 9841 4678
E-Mail: sales@codewerk.de
THE TEST IN 5 STEPS
HOW A PENETRATION TEST WORKS
Our penetration tests follow a structured, transparent process. From the kick-off to the final report, we work closely with you. The goal is to sustainably strengthen your digital resilience and leave no opportunity for hackers.
A penetration test begins with a kick-off meeting. In this meeting, we discuss the type of system to be tested as well as your expectations and goals. Together, we establish the rules for conducting the test and clarify the limitations of the test methods.
Our expert team conducts a thorough investigation of your IT infrastructure. We identify critical components and potential vulnerabilities, which serve as the basis for our tailored test plan. This phase allows for a deep understanding of your system landscape.
Based on the analysis, we develop a detailed test plan. We then carry out the penetration test, simulating various attack scenarios and uncovering vulnerabilities. Throughout the entire process, you will receive regular updates on our progress and findings.
Upon completion of the test, we prepare a comprehensive report. This report includes a detailed analysis of the results, identified vulnerabilities, and concrete recommendations for improving your IT security. The report serves as a foundation for your future security measures.
Upon request, we support you in implementing the recommended security measures. We also offer optional follow-up tests to verify the effectiveness of the new security measures and ensure that all identified vulnerabilities have been successfully addressed.
System, software and security know-how
To embed security comprehensively, you need to understand complex systems like process control technology or train control systems in detail.
Timon Esslinger, Cyber security expert at Codewerk
WHAT WE OFFER
ONE TEST. MANY COMPONENTS.
Our penetration tests always begin with threat modeling. This means we identify and prioritize potential security threats. Taking this as the foundation, we cover the following areas:
Vulnerability analysis with expert knowledge from software development.
Examination of programs and firmware to identify critical information.
Detailed review of network security to detect vulnerabilities.
Security analysis and protective measures for industrial process control systems.
Automated testing to identify vulnerabilities in software and systems.
Reviewing and securing access rights in your directory service.
We test whether your SIEM also detects penetration test attacks.
COMPLIANCE
DO YOU MEET THE COMPLIANCE REQUIREMENTS FOR CYBERSECURITY?
We offer penetration tests that meet the testing requirements of specific standards and regulations. These include:
INDUSTRY
Ensuring compliance with industrial security standards.
STANDARDS MET
• IEC 62443-4-2
• IEC 62443-3-3
CRITICAL INFRASTRUCTURES (KRITIS)
Protection of critical infrastructures through targeted security audits.
STANDARDS MET
• NIS2
• CRITICAL INFRASTRUCTURES
MEDICAL
Ensuring cybersecurity compliance in the medical sector.
STANDARDS MET
• Medical Device Regulation
Get a no-obligation consultation for a penetration test
Are you ready to assess the strength of your cybersecurity? We are happy to advise you.
FAQs
Our penetration testers adhere to the renowned OSCP standard (Offensive Security Certified Professional). We have more than ten years of experience in software development for industry and rail systems, and we understand the importance of recognized certifications in penetration testing.
Depending on the size of the system, we begin the initial analysis 30 days after first contact. After creating a tailored test plan, we start the penetration test. We document every step carefully and keep you regularly informed about the progress. This way, there are no surprises in the final report.
Due to confidentiality agreements, we cannot disclose specific CVEs. Our expertise is demonstrated through our work together. Let’s work together to improve the security of your system and uncover potential vulnerabilities.
The cost depends on the scope and complexity of your system. Contact us for a customized offer. Together, we will find the right solution for your security requirements.
Yes, we are happy to provide you with a sample report. Please contact us, and we will send you an example right away.