Regular pen tests

  • Get a thorough report on detected data leaks or vulnerabilities in your network or in partner companies with regular, automated, and professional pen tests (penetration tests).
  • Always know where your systems are vulnerable. We’ll evaluate the vulnerabilities and give advice on how to fix them.
  • Daily, weekly or monthly pen tests.

New IT vulnerabilities emerging daily

Hackers and secret services discover hundreds of security holes every day. Easy-to-use tools automatically track these security holes and make exploiting them very easy. The number of potential threats is therefore enormous.

Monitoring internet-connected systems is time-consuming and costly. The security status can change at any time. A one-time or yearly test is simply not enough.

Monitoring with pen tests

The only protection from cyberattacks comes from regular, professionally carried out penetration tests. They give answers to questions such as the following:

  • What security holes exist and in which systems?
  • How critical are these holes?
  • How have these vulnerabilities and threats changed over time?
  • Is there information about the company or its domain in the darknet? If yes, what information?
  • Are company passwords in circulation? If yes, which ones?
  • Through which internet service provider is the company vulnerable?

Links to your suppliers or service provider information can also clarify the existence of security holes that threaten your systems. It is important, therefore, to examine your service providers as well.

Effective analysis of vulnerabilities

Our fully automated vulnerability scanner provides the following data for one domain and associated IP addresses (determined through a DNS scan):

  • CVE number of vulnerabilities detected
  • For known and unambiguous vulnerabilities: Short description, first and most recent appearance, approach to solution
  • Evaluation of vulnerability through CVSS scorecards
  • Affected ports will be indicated
  • Network protocols (HTTP, FTP, …) will be indicated
  • Flawed configurations of servers, firewalls and devices can be made visible
  • An inventory of all DNS names and IP addresses is possible
  • Data leaks, affected email addresses, associated passwords and origin of leaks are visible (darknet search using domain information)

How does the pen test work?

01. Domains to be scanned

After purchasing the pen test, indicate the domain to be scanned in the field provided (for more domains, please click here).

02. Consent form

After purchasing the pen test, you can download the consent form in your user account, provide your legally binding signature and upload it again. The penetration test cannot be carried out without a signed consent form.

03. Introduction to the pen test portal

You’ll receive access to the pen test portal from one of our employees. We’ll introduce the technical details in a conversation with you.

04. Carrying out regular pen tests

The fully automated pen tests are carried out regularly and you get the results by e-mail. The scan results are also visible in the portal. Depending on your purchase, we’ll support you in correcting the vulnerabilities detected.

Our packages

Basic

Monthly scan
one domain with
max. 10 IP addresses

Technical support
not included

Minimum contract length:
6 months

249,00€
Excluding 16% tax

Business

Weekly scan
one domain with
max. 15 IP addresses

Technical support
You’ll get email support with the first vulnerability that is designated as critical and high priority. One of our employees will take a maximum of 15 minutes for each scan that detects a new and critical vulnerability.
15 min. / critical scan

Minimum contract length:
6 months

349,00€
Excluding 16% tax

Management

Daily scan
one domain with
max. 20 IP addresses

Technical support
You’ll get email support with the first vulnerability that is designated as critical and high priority. One of our employees will contact you proactively and help you for a maximum of 30 minutes for each scan that detects a new and critical vulnerability.
30 min. / critical scan + info

Minimum contract length:
6 months

549,00€
Excluding 16% tax

Would you like to scan more than one domain? Or do you need to scan more IP addresses?

Then please click here for a custom quote!

Choosing a package: Which one is right for my company?

Frequently asked questions about pen tests

Which products does the pen test use?

The OWASP ZAP web application security scanner and the OpenVAS open-source vulnerability scanner are used along with other specifically developed products.

Is the vulnerability scan done by a person or is it automated?

The vulnerability scan is fully automated and time-controlled.

How do I get the pen test results?

You’ll get access to a web portal in which you can see all scan details and accompanying results. You will also receive an e-mail.

What is the difference between scanning a domain and scanning an IP address?

The first step in a domain scan is to examine the associated DNS server for subdomains or other entries that give guidance on used IP addresses. Each of these IP addresses will then be checked in detail.

In an IP address scan, only the specific IP address is checked. Other connections that are the result of other used IP addresses or references in the DNS server, such as other ISPs, other service providers, vulnerabilities of other hosts, domain name use in the darknet or domain name email addresses, are not checked.

To recognise all the vulnerabilities of a domain, it is therefore better to scan the domain than to check only a specific IP address.

Can the service provider be checked without obtaining consent?

Yes. Publicly available values are used when examining the service provider. This understanding was verified and confirmed by an expert review. Consent need not be obtained from the service provider.

What are CVSS scorecards?

The Common Vulnerability Scoring System (CVSS) is an industry standard for evaluating the severity level of possible or actual security holes in computer systems. Security holes are evaluated in the CVSS according to different criteria and metrics and compared with one another so that a priority list of corrective measures can be made. A manual evaluation can be done here: https://www.first.org/cvss/calculator/3.1.

What does CVE mean?

CVE stands for Common Vulnerabilities and Exposures and is an industry standard for naming security holes in computer systems. The CVE number of a detected vulnerability is an identifier that gives frequently occurring vulnerabilities and security holes (exploits) a largely consistent designation.

Service description

Please observe the following guidelines regarding the service scope of our pen tests:

  1. The pen tests are carried out by our service provider as our processor. Accordingly, we have concluded a relevant processing agreement. Your contractual partner is activeMind AG Management- und Technologieberatung, Potsdamer Str. 3, 80802 Munich, Germany.
  2. The pen tests will be carried out automatically and at the desired frequency.
  3. Services are rendered when the results are sent by email as well as made available in the pen test portal. You will receive the pen test results in English.
  4. Duration for technical support for each scan that detects critical vulnerabilities is 0, 15 or 30 minutes, based on your selection. One of our experts will help you by email in evaluating the scan and providing recommendations.
  5. The minimum contract duration is six months from the date of purchase.
  6. The package can be cancelled on a monthly basis after the minimum contract duration has expired. Ongoing or already invoiced months will not be refunded. Cancellations can be made through your user account at activeMind.shop or in writing.