
Penetration Testing for Businesses

Find and fix security gaps before attackers do. Our structured pentest approach aligned with OWASP WSTG, PTES and OSSTMM delivers audit-grade evidence for NIS2, ISO 27001, TISAX and cyber insurance — including a CVSS-rated report, a complimentary retest and a debriefing workshop.

$ sectepe-pentest --target webapp.example.com
[SCOPE] Web, API, Cloud, Active Directory
[RECON] Fingerprinting: Apache/2.4.54, PHP/8.1
[SCAN] Port scan: 22/SSH, 80/HTTP, 443/HTTPS, 3306/MySQL
[VULN] SQL Injection found: /api/users?id=
[VULN] XSS vulnerability: /search?q=
[CRITICAL] Unsecured admin interface: /admin
[REPORT] 3 vulnerabilities documented
[REPORT] Remediation recommendations created

Methodology aligned · regulation ready

  • OWASP WSTG
  • PTES
  • OSSTMM
  • BSI IT-Grundschutz
  • ISO 27001
  • NIS2
  • TISAX
  • DORA

Why run a penetration test?

Pentests are no longer just best practice — they're regulatory standard, insurance prerequisite and a critical trust signal for your customers.

Regulatory obligation

NIS2, DORA, KRITIS, TISAX and ISO 27001 A.12.6 require regular technical security assessments. Pentests provide the evidence.

Cyber insurance

Insurers and auditors increasingly require current pentest evidence as a condition for coverage, premium and sum insured.

Real risk reduction

Find exploitable vulnerabilities before an attacker does — including logic flaws no automated scanner can catch.

Customer trust

Attestation letter and management summary — hard evidence you can share with customers, partners and in procurement.

Our three-phase approach

From broad vulnerability assessment to simulated attack — modular, sequential and tailored to your specific attack surface.

Phase 1

Vulnerability assessment

Automated scans combined with manual verification expose weaknesses in systems, networks and applications — prioritised by CVSS.

Phase 2

Targeted penetration test

Manual exploitation of the critical components of your IT — based on OWASP WSTG and PTES — covering business logic, authentication and privilege escalation.

Phase 3

Red teaming

Objective-driven attack simulation based on MITRE ATT&CK over multiple weeks — including social engineering, persistence and lateral movement to stress-test your detection & response.

Included in every phase

Regardless of the chosen scope, you always get the same quality of follow-up, knowledge transfer and sustainable improvement.

Detailed report

Management summary plus technical report with CVSS-rated findings, proof-of-concept evidence and prioritised remediation advice.

Knowledge transfer

Debriefing workshop with your Dev and Ops teams. We walk through every finding reproducibly and hand remediation to the right stakeholders.

Complimentary retest

After remediation we re-verify the relevant findings — included in the fixed price. You receive an attestation letter for audits and insurance.

Types of penetration tests

Our analysts cover the full range of modern attack surfaces — bookable individually or as a combined deep-dive engagement.

Web applications

OWASP Top 10, business logic, authentication, session handling.

APIs

REST, GraphQL, gRPC — BOLA/IDOR, broken auth, mass assignment.

Network & infrastructure

External & internal, firewalls, VPN, segmentation, patch level.

Active Directory & internal

Kerberoasting, ADCS, lateral movement, Tier-0 escalation.

Cloud (AWS · Azure · M365)

IAM misconfigurations, storage exposure, Entra ID, conditional access.

Mobile (iOS & Android)

OWASP MASVS, binary analysis, secure storage, transport security.

Social engineering & phishing

Targeted campaigns to assess awareness, processes and response time.

Red team engagement

Full-spectrum attack simulation across all layers aligned with MITRE ATT&CK.

How a penetration test runs

Six structured steps that create transparency about scope, methodology and risks — and deliver lasting improvements at the end.

1. Scoping & kick-off

Objectives, scope, Rules of Engagement and black/grey/white-box setup.

2. Information gathering

OSINT, fingerprinting, asset discovery, attack-surface mapping.

3. Vulnerability analysis

Automated scans and manual verification aligned with OWASP WSTG and PTES.

4. Exploitation

Controlled exploitation to assess the actual risk exposure.

5. Reporting & debriefing

CVSS-rated findings, management summary and joint workshop.

6. Retest

Re-verification of remediated findings plus attestation letter.

Pentest vs. vulnerability scan

The two complement each other — but they're not interchangeable. A scan provides breadth, a pentest provides depth and contextual risk.

| Criterion | Vulnerability scan | Penetration test |
|---|---|---|
| Depth | automated, broad | manual, deep |
| Detects zero-days & logic flaws | | |
| Prioritisation by exploitability | | |
| False-positive rate | high | very low |
| Effort | minimal, automated | project-based |
| Recommended frequency | weekly / monthly | annually + after each major release |

Best practice: continuous scanning for breadth plus regular pentests for depth and logic-level risks.

What you get at the end

Every penetration test ends with a comprehensive, audit-grade deliverable package — for management, technical teams and external stakeholders alike.

  • Management summary

    C-level ready summary with risk heat-map and strategic recommendations.

  • Technical report with CVSS scoring

    Every finding with CVSS v3.1 rating, affected assets and reproducible steps.

  • Proof-of-concept evidence

    Screenshots, requests and payloads — so your engineers can reproduce and close every gap.

  • Prioritised remediation plan

    Remediation advice ranked by effort vs. impact — including quick wins and strategic hardening.

  • Retest & debriefing workshop

    Re-verification of remediated findings and an interactive workshop with your Dev/Ops team — included in the fixed price.

  • Attestation letter

    Audit-grade evidence for ISO 27001, NIS2, TISAX, insurers and customer RFPs.

Pentest Report — Q2/2026 (Confidential · 48 pages)
Total findings 12 · Critical 2 · High 3 · Medium 5 · Low / Info 2 · Retest status: included
Also available

Pentest as a Service with NodeZero

Between two manual pentests, your attack surface changes every single day. With our PTaaS offering powered by NodeZero from Horizon3.ai we continuously and autonomously simulate real attack chains — startable on demand, production-safe, with a full chain of exploit evidence. Ideal as a complement to the annual pentest.

On-demand

Launch pentest runs within minutes — before every release or after architecture changes.

Autonomous

Real attack chains mapped to MITRE ATT&CK — including credential theft and lateral movement.

Production-safe

Safe exploitation without DoS risk — runs against live environments, GDPR-compliant.

Frequently asked questions

Answers to the most common questions about penetration testing with SecTepe.

How long does a penetration test take?
Duration depends on company size and scope. For mid-sized businesses plan for about one week. Smaller projects can be shorter, while complex enterprise, cloud or Active Directory environments take longer. After the scoping call we commit to a concrete timeline.
Will there be downtime or data loss?
No. Our pentests are planned and executed non-destructively. DoS scenarios are only performed with explicit written approval. Your production environment continues to run normally, with agreed test windows for sensitive activities.
Black-Box, Grey-Box or White-Box — which is right?
We cover all three. In most cases we recommend Grey-Box: you provide minimal credentials (e.g. a standard user), and we simulate a realistic attack with maximum coverage per test day. White-Box fits compliance audits, Black-Box works well for external attack surfaces.
Who carries out the penetration test?
Exclusively SecTepe in-house analysts with certifications such as OSCP, OSEP and BSI-accredited pentest qualifications. No subcontractors without your explicit approval. Team profiles are shared on request before the engagement starts.
How much does a penetration test cost?
Cost is calculated project-based on scope and person-days. After a free scoping call you receive a transparent fixed-price offer with clearly defined deliverables — no hidden follow-up costs.
How often should we test?
At minimum once a year, plus after every major release, significant architecture change or migration to a new cloud environment. NIS2, DORA and ISO 27001 A.12.6 require regular evidence — an annual pentest with event-driven retests is the baseline.
What is the difference between a classic pentest and Pentest as a Service (NodeZero)?
A classic pentest is a time-boxed, manual deep-dive by our analysts — strong on business logic, zero-days and creative attack paths. Pentest as a Service (PTaaS) with NodeZero from Horizon3 adds continuous, autonomous attack simulation between pentests: startable on demand any time, production-safe, with full attack-chain visualisation. Both approaches complement each other ideally. Learn more on our PTaaS page.

Do you know your vulnerabilities?

Let us test your systems before an attacker does. Start with a complimentary scoping call — non-binding and confidential.

How we work with you

We treat every engagement as a long-term partnership rather than a one-off delivery. Our approach is organised into four clear phases so that you always know what happens when, who owns which responsibility and which outcomes you can expect.

1. Free initial conversation

We learn about your starting position, your goals and the constraints you operate under. In 30 to 45 minutes we check whether our offering fits your situation, outline possible paths and answer your questions – no obligation attached.

2. Structured assessment

We capture the current state systematically – technically, organisationally and in regulatory terms. You receive a prioritised assessment that clearly names strengths, gaps and action areas and forms the basis for a robust offer.

3. Delivery with a dedicated lead

A senior lead guides you through the delivery with clear milestones, transparent effort and cost planning and a weekly status. All results are documented and remain fully owned by you.

4. Continuous operations & review

After project close, we stay alongside you in operations – via managed-service components, regular reviews, action tracking and proactive recommendations on new threats, regulatory changes or technology shifts.

Frequently asked questions about our services

The questions we are most often asked in first conversations – answered concisely. For anything else, our team is available at hello@sectepe.de or by phone at any time.

How do we start working with SecTepe?
All engagements start with a free initial conversation. You then receive an offer with a clear scope of effort, timeline and outcomes. On request we start with a small pilot to build trust and experience our delivery before moving into full implementation.
What company sizes and sectors do you support?
We work with small and mid-sized businesses as well as with corporate divisions and operators of critical infrastructure (KRITIS). Our core sectors are manufacturing, trades, healthcare, financial services, energy providers, public sector and the DACH mid-market.
Do you work on site, remotely or hybrid?
All three. Assessments, consulting and most managed services run remotely from our German data centres. For on-site work (workshops, training, incident response) we are primarily active in North Rhine-Westphalia, the Rhineland and the Ruhr area and extend our radius as needed.
Which standards and regulations do you cover?
We work to ISO 27001:2022, BSI IT-Grundschutz, TISAX, B3S KRITIS, NIS2, DORA and sector-specific requirements. Our methodology is grounded in recognised frameworks such as NIST CSF, MITRE ATT&CK, OWASP and OSSTMM, combined and tailored to each project.
How do you protect the confidentiality of my data?
Confidentiality is anchored contractually and technically. Before every engagement we sign a mutual non-disclosure agreement, data is processed exclusively in German data centres, access is governed by zero-trust policies with multi-factor authentication, and all employees are bound to confidentiality contractually and in line with the GDPR.