Service

Assessments & Testing

Structured security assessments and penetration tests following recognized methodologies — finding weaknesses before the attacker does and building continuous audit readiness.

Overview

You can only protect what you know. Assessments and penetration tests reveal where systems, applications and processes are genuinely vulnerable — methodically, reproducibly and traceably documented.

We work according to recognized methodologies: NIST SP 800-115 for technical security testing, the Penetration Testing Execution Standard (PTES), the OWASP testing guide for web applications and the OSSTMM. Every test follows a defined approach rather than ad hoc tool usage.

The result is not a tool report but a prioritized, business-relevant assessment with concrete recommendations that both engineering and management can understand. This builds the bridge to continuous audit and compliance readiness: regimes such as NIS2 and DORA require ongoing monitoring and demonstrable evidence, not just an annual audit. Recurring, structured testing provides continuous proof rather than point-in-time snapshots.

Standards & norms

  • NIST SP 800-115
  • OWASP
  • PTES
  • OSSTMM

Frequently asked questions

Which standards do you use for penetration testing?

We follow NIST SP 800-115, the PTES, the OWASP testing guide and the OSSTMM, combined as appropriate for the system under test.

How does an assessment differ from a penetration test?

An assessment evaluates the security posture broadly and structurally; a penetration test specifically examines the exploitability of concrete weaknesses. The two complement each other.