Penetration Testing – Attack Is the Best Defense
We think like attackers so you can sleep at night. Certified pentesters test your systems before real threat actors do.
Why a Vulnerability Scan Is Not Enough
Automated tools only find known vulnerabilities — business logic flaws and complex misconfigurations remain undetected.
Attackers exploit vulnerability chains, not individual CVEs. Only the combination of multiple findings creates real risk.
Compliance frameworks like ISO 27001, NIS2, and DORA require manual, context-aware security assessments.
Without realistic attack simulations, you don't know whether your defenses actually hold up under real-world conditions.
What We Do
External Penetration Testing
Attack simulation from the internet targeting your exposed systems. We identify vulnerabilities in firewalls, VPN gateways, web servers, and cloud services — from an external attacker's perspective.
Internal Penetration Testing
Simulating a compromised employee or insider threat. Active Directory assessment, lateral movement, and privilege escalation — we show how far an attacker could get inside your network.
Web Application & API Testing
Comprehensive testing of your web applications and APIs following the OWASP Top 10, including business logic testing and authentication and authorization checks.
Red Teaming
Full-scope attack simulation across multiple vectors: social engineering, physical access, and technical exploitation. We test your entire security organization.
Typical Investment Ranges
Industry benchmarks based on common market rates in the DACH region. Final pricing depends on scope and complexity.
| Service | Starting price | Scope / Duration |
|---|---|---|
| External Pentest | from €5,000 | 1–2 weeks |
| Internal Pentest | from €8,000 | incl. AD assessment |
| Web App / API Test | from €4,000 | per application |
| Red Team | from €15,000 | 2–4 weeks |
All prices excl. VAT. Custom quote after scoping call. Based on publicly available DACH market data (industry reports 2024/2025).
Our Approach
Scoping & Kickoff
Joint goal definition, scope agreement, and rules of engagement. We clarify test windows, points of contact, and escalation paths.
Reconnaissance
OSINT and passive/active information gathering. We map your attack surface before running the first test.
Exploitation
Manual and tool-assisted attack execution. We exploit identified vulnerabilities to demonstrate their real-world risk.
Post-Exploitation
Lateral movement, persistence, and data exfiltration. We show how far an attacker could go after initial access.
Reporting
Executive summary for leadership and a detailed technical report with reproducible steps and a prioritized remediation roadmap.
Debriefing & Retest
Results walkthrough with your team and retest of implemented fixes. We verify that vulnerabilities are truly remediated.
Certifications & Qualifications
Our experts hold industry-recognized certifications.
All services are delivered by Kaplan GmbH (Hamburg, Germany).
Frequently Asked Questions About Penetration Testing
- A penetration test is a controlled simulation of real cyberattacks against your IT systems. Unlike automated scans, experienced security experts manually verify whether vulnerabilities are actually exploitable. You need a pentest to get a realistic picture of your security posture — especially when compliance frameworks like ISO 27001, NIS2, or DORA require it.
- A vulnerability scan is automated and finds known vulnerabilities based on signatures. A pentest goes further: certified experts manually exploit vulnerabilities, test business logic, chain findings together, and simulate real attack scenarios. The pentest reveals actual risk, not just theoretical possibility.
- At least once per year or after significant changes to your IT infrastructure (new systems, cloud migration, major releases). Regulatory frameworks like PCI DSS require quarterly or annual tests. We also recommend ad-hoc tests after significant architectural changes.
- Our pentesters hold industry-recognized certifications: OSCP (Offensive Security Certified Professional), PNPT (Practical Network Penetration Tester), PJPT (Practical Junior Penetration Tester), and GOSI (GIAC Open Source Intelligence, SANS SEC497).
- For critical findings, we notify you immediately through the agreed escalation channel — while the test is still running. You receive an immediate alert with a description, risk rating, and recommended countermeasures. All findings are documented with full prioritization in the final report.
- After a scoping call, we jointly define goals and scope. Then comes reconnaissance, exploitation, post-exploitation, and reporting. Finally, we walk through the results in a personal debriefing and offer a retest to verify that vulnerabilities have been remediated.
Ready for Your Penetration Test?
Let's discuss in a no-obligation consultation which testing scope makes sense for your organization.
Schedule a Consultation
No obligation · Response within 24 hours