Dr. Jens Köhler
Connected systems make tempting targets for attackers. Vulnerabilities can go undetected despite even the most diligent development practices. Standardization and regulatory bodies are well aware of the problem and now require penetration tests for certain products (UNECE r155 / ISO 21434, CRA). To this end, penetration testers take on the mantle of attackers in an attempt to identify vulnerabilities in the system.
And that is why we conduct penetration tests – to ensure your systems are indeed secure.
Testing systems holistically, in context rather than in isolation, is no easy task. This takes a diverse skill-set encompassing everything from embedded systems and cloud computing to mobile user applications and enterprise networks. ITK can help you with IT penetration testing. We also excel at testing embedded systems. Our expertise with embedded systems is a matter of record. We do indeed have a deep well of cross-industry experience in the automotive, healthcare, industrial, and other sectors to draw on. And we know all about IT systems, web and cloud services, IT networks, and smartphone applications.
We play the hacker to allow our customers to see their IT from the perspective of an intruder. This is where our role as an adversary ends. Everything else we do, particularly in projects, we do in the spirit of partnership. Simply reporting our findings is not enough – we always strive to find solutions to each customer’s unique problems. If customers wish, we can even bring them on board with the testing process. This cooperative mindset is rooted in what we do. ITK Engineering develops systems, so we are aware of all the pitfalls. Our experts have the requisite domain knowledge and know what difficulties can arise when countermeasures are taken at a late stage. And we would be delighted to share our coping strategies with you.
Our pen-testing team has the following credentials: Offensive Security Certified Professional (OSCP), Offensive Security Experienced Penetration Tester (OSEP), Foundation in ISMS according to ISO/IEC 27001. Rest assured, your data and prototypes are safe with us. We have the following in-house certifications, including documentation and audit experience: TISAX Certification Level 3, ISO 27001 Certification.