
Pentest

usd pentests involve much more than just automated security scans. During these tests, our security specialist assumes the role of a hacker, albeit on a legal basis. Our expert utilizes professional tools to obtain information and also tries to penetrate a company's IT systems using a targeted, individual and creative approach. This simulated hacker attack provides high-quality results that we summarize for you in a report that includes specific suggestions for improvement.

We offer pentests in the following areas:

• Web Application
• IT System (external and internal)
• Mobile Application
• Desktop Application
• Wireless LAN
• Product Test (Software)

Our Procedural Approach

Kick-Off

The pentest is prepared at a kick-off meeting with the responsible technical and organizational specialists of your company. In this meeting, we specify the IT systems to be tested, coordinate the necessary user accounts and access channels, define contact persons and escalation channels, and discuss the test procedure in detail.

Information Gathering

During this phase, we gather information about the IT systems specified in the kick-off meeting. In addition to a port scan, we also perform a vulnerability scan. In this step, we do not yet exploit the vulnerabilities we have identified. This phase prepares our security experts for the active penetration attempts performed in the exploitation phase.


Manual Research

The information gathered during the previous phase is examined for its relevance. Our security experts compare the existing data and evaluate it for consistency. In this way, potential vulnerabilities are identified.

Exploitation

In this phase, we attempt to exploit the identified vulnerabilities to actively obtain access to the target systems and to stored data. Depending on the specific service or the technical environment, our security team either writes new exploits or uses existing ones. Potential vulnerabilities might turn out to be false positives in this process. Only verified vulnerabilities are included in the final report and classified according to their criticality.

Report

You will receive a comprehensive report consisting of an Executive Summary and a Technical Report. This report evaluates the criticality of the findings and the risk of their occurrence. It also includes recommendations for corrective action.

Remediation

In this phase, employees of your company eliminate the identified deviations and vulnerabilities. Experienced usd consultants will support you as needed.

Optional Re-Check

You may opt for a verification by us after your remediation is completed. We will verify the effectiveness of your corrective action and adjust the result report accordingly.

Your Personalized Certificate

Our evaluation of your scan result is based on the international security standard of the payment card industry (PCI DSS). With your scan result you comply with PCI DSS requirements, and we are happy to confirm this by issuing you a personalized certificate. This enables you to demonstrate to third parties just how seriously you take security.

Security Certificate

We hereby certify that

Max Mustermann GmbH
Street House Number, Zip Code City, Germany

successfully passed the [Security check] of
[short description, objective of the check]
on [date of the check]

No critical, security relevant vulnerabilities were identified according to the requirements of the internationally recognized security standards of the payment card industry (PCI-DSS). The detailed results of the test object concerned can be found in report number [XXX].

The certificate issued applies to the test objects considered and confirms the circumstances given at the time of the security check. We recommend repeating the check [on a quarterly basis] or subsequent to relevant changes.

As an auditor (QSA) and Approved Scanning Vendor (ASV) officially accredited by the PCI Security Standards Council, usd AG provides consulting services to and certifies companies Europe-wide according to the international security standard for the payment card industry (PCI DSS, PCI-PA DSS).

Place, date

usd AG: Manfred Tubach, CEO
usd AG: Christian Frei, Head of usd Security Analysis & Pentests, by proxy

Neu-Isenburg, XX.XX.XXXX

Please contact us with any questions or queries.

Phone: +49 6102 8631-190 | E-mail: [email protected]

usd AG, Frankfurter Straße 233, Haus C1
63263 Neu-Isenburg, Germany
www.usd.de

This product sheet will be valid until a new version is released. Product sheet creation date: 19/04/2017