Test object

Please select the type of penetration test. If you want to configure more than one penetration test, please run the configurator several times. If you are unsure or need a penetration test that does not yet exist in the configurator, please contact us. We will be happy to advise you or provide you with a manual quotation.

Web applications

The "web application penetration test" includes a comprehensive security analysis of the target application at the network and application level. For a complete description of services, click here.

Mobile Application Pentest

As part of the security analysis, we perform a mobile application penetration test of the app you provide. Choose one of the mobile operating systems listed below: For a complete description of services, click here.

API interface

Web services, also called application programming interfaces (APIs), are now part of the standard repertoire of many companies. API interfaces are used here for processing and exchanging data and are made available for web applications, mobile apps, and third-party applications. By commissioning an API penetration test, we perform a security analysis, of the API interface (e.g. SOAP or REST) defined by you in the project scope, at the network and application level. For a complete description of services, click here.

Internal IT-Infrastructure

The "penetration test of the internal IT infrastructure", involves a security analysis of the internal IT infrastructure from the perspective of an internal attacker. For a complete description of services, click here.

Publicly accessible infrastructure

The "penetration test of publicly accessible systems" includes a security analysis of all your systems accessible from the Internet, from the perspective of an external attacker. For a complete description of services, click here.

Workstation Security Assessment

The scenario-based test "Workstation Security" includes a comprehensive security analysis of a company notebook provided by you. The notebook will be reinstalled prior to our testing and set to the same configuration as a common notebook handed over to a new employee in your company. The focus of our security analysis is to identify vulnerabilities that could be exploited by an attacker to extend his privileges. Scenarios such as a stolen or lost notebook are taken into account, as is an internal attacker with simple user rights.

Active Directory Assessment

When configuring, porting or operating Active Directory directories, misconfigurations often occur. These can lead to internal attackers gaining unauthorized access to your systems, services, or resources. Even minor errors in the handling of Active Directory can have far-reaching consequences and cause security vulnerabilities for a company. Especially in the case of grown structures and many objects, risks, e.g. by the nesting of groups, arise. Your protection goals of availability, integrity and confidentiality may be compromised as a result. By commissioning an Active Directory security analysis, our security experts analyze your Microsoft Active Directory directory service for misconfigurations and existing vulnerabilities. For a complete description of services, click here.

Active Directory Password Audit

Active Directory for Windows-based networks is one of the most widespread and deployed directory services from the manufacturer Microsoft. For many companies it represents the central user administration as well as IT structure of the organization. It also contains a lot of important information such as authentication features and authorization concepts for users, objects and systems. In an Active Directory password audit, we extract the password hashes of all users in your Active Directory domain(s) without user context (anonymous password audit). We then attempt to convert these password hashes into their plaintext form using freely available password lists and other cracking methods. The following analysis of the identified plaintext passwords provides measurable results on the existing password strength in your organization. For a complete description of services, click here.

Add-Ons

We recommend the following add-ons to your Pentest. Only add-ons that also match your pentest will be displayed. The add-ons supplement the respective pentest with additional aspects.

In this part you can enter important preliminary information, which we need before starting our tests. If you can't or don't want to specify details yet, just choose the most likely answer.

Test times

What would be the daily time window in which our active tests can be performed? If testing outside of business hours is requested, the cost of our testing will increase. Business hours of tacticx GmbH Mon-Fri 7:00 - 18:00 (CEST) Note: Our tests did not intend to disrupt the general business process or cause availability issues.

Test site

Certain penetration tests can only be performed on-site or off-site. Depending on the test object, you can select the test location here accordingly.

Test completion

With each pentest, a detailed report and action plan is included. In addition, we offer either a final meeting via web conference or also on-site.

Report language

We can write the final report in English or German. Please select the desired report language:

Your individual offer

Please provide your contact information. You can then download your personal and individual offer as a PDF document. In addition, you will also receive the offer by e-mail.