
Your challenges

As we grow ever more reliant on digital data, network security is becoming increasingly important in preventing unauthorised access to personal and corporate data. The security of IT systems is therefore essential in the protection of your organisation’s knowledge.

What is penetration testing?

Penetration testing assesses whether your IT systems are secure against the potential external threats that they face. It puts IT systems to the test by using the same methods that potential hackers would employ, revealing whether you’re protected against real world attacks. Based on information gathered during the test, our security experts will then draw up a detailed risk assessment report recommending any remedial action required and, if necessary, carry out further tests to assess the effectiveness of the improvements.

Why is penetration testing important for your business?

Independent penetration testing not only protects your knowledge – it also safeguards your assets and reputation. It minimises the risk of financial loss if your network is attacked, underlines your organisation’s commitment to IT security, and creates confidence among the individuals and organisations you do business with.

How can we help you?

TÜV SÜD has a wealth of experience in penetration testing. Our highly qualified staff will probe your IT infrastructure for vulnerabilities just as if they were themselves cybercriminals – and then suggest ways to plug any gaps that they find in your security. By addressing your security loopholes found through penetration testing, you can then be assured of the best possible protection against attacks from criminal hackers.

TÜV SÜD

Penetration testing

Ensure the security of your IT systems

Choose certainty. Add value.

Our penetration testing services

TÜV SÜD’s penetration testing services are a powerful tool to achieve increased safety and added economic value for your business. The precise scope of the penetration test, and the approach adopted, are customised to your requirements. It consists of four modules, which can be used individually or in combination. We can also check your firewall, routers, mail, name and web servers, e-commerce and other online applications as well as backend database systems.

Your external systems will be tested using a black-box process and specialist software, scripts and other tools. When reviewing your internal IT, we may place a test system on your network, carry out an on-site audit, and/or analyse your system documentation.

Web applications

These are especially vulnerable when accessed from multiple devices and locations. The main risk involves unauthorised third-party access to data. When the test is completed, we will rate your security and propose remedial measures for any weaknesses. The test is carried out in accordance with OWASP guidelines.

WLANs

Wireless networks are vulnerable to attack because access to them is difficult to control. The main risk lies in unauthorised network and data access. The test identifies existing risks and recommends remedial measures.

Infrastructure

This tests external, publicly accessible systems such as mail servers, and/or infrastructure that can be accessed from within the organisation. We identify and evaluate existing risks, and propose measures to deal with them. The test is carried out in accordance with OSSTMM (Open Source Security Testing Methodology Manual).

PCI-DSS

This service is aimed at companies who are required by PCI data security standards to carry out annual penetration tests. The main risk lies in unauthorised access to the system environment and cardholder data. The test identifies possible sources of attack and manipulation, and reviews weaknesses as specified in the standard.

Penetration test modules

The four penetration test modules listed below can be used individually or in combination.

Exploitation

Our experts will actively attempt to exploit vulnerabilities, for example, by obtaining sensitive information or hacking your system. If one system can be compromised, it often serves as the starting point for attacks on further systems.

Documentation

We will fully document the details of any successful attack, so that you can reconstruct it afterwards.

Passive information gathering

We will collect as much publicly available information as possible to use as a basis for the test.

Active information gathering

During this phase, we will identify possible points of entry to the systems being tested.

Penetration test procedure

Preparation

Analyse your company’s business environment. Define objectives and procedure. Identify security risks specific to your sector.

Kick-off meeting

Define scope of test. Determine test period and report language. Discuss general issues relating to the project.

Implementation

How the test is implemented will depend on the areas you want to assess and the modules you select. It will normally include the following four phases:

Final presentation

If required, we can give a presentation detailing the results of the test.

Your business benefits

Protect confidential data and reputation – by ensuring that your confidential data is safe from cybercriminals, giving you and your customers peace of mind.

Improve business continuity – by safeguarding your network against potential attacks.

Save time – with minimal preparation required on your part. We can carry out the testing quickly and efficiently based on your requirements.

Save money – with fully transparent and competitive costs, leaving your in-house IT staff free to focus on their core functions.

Why choose TÜV SÜD?

As experts in IT security and data protection, TÜV SÜD can carry out penetration testing to the very highest standards. Our specialist interdisciplinary teams will help you to identify and deal with information risk, improve the security of your IT systems and applications, minimise e-commerce risk and meet data protection requirements.

As rapid technological change continues to open up new opportunities for companies, we can keep a constant eye on your network security, recognise and prevent risks as they arise, and remedy them where necessary. As a result, you will remain free to concentrate fully on your core business.

Choose certainty. Add value.

TÜV SÜD is a premium quality, safety and sustainability solutions provider that specialises in testing, inspection, auditing, certification, training and knowledge services. Represented in over 800 locations worldwide, we hold accreditations in Europe, the Americas, the Middle East, Asia and Africa. By delivering objective solutions to our customers, we add tangible value to businesses, consumers and the environment.

TÜV SÜD AG, Westendstr. 199, 80686 Munich, Germany
+49 89 5791-0
[email protected]
www.tuv-sud.com/it-security

2015 © TÜV SÜD AG | V-M/MS/34.0/en/SG

Related services

s@fer shopping certification
Certified data centre
Website checks
Certified data destruction
Data protection audits
Certified order data processing