Transparency about potential attacker’s entry points
Risk posture: identification of exploiting vulnerabilities
Red/Blue Team exercise to test detection capabilities
We support you to gain assurance in your organisation’s
vulnerability assessment and management processes through a
realistic simulation of a hacker attack
Benefits
Fulfilling of compliance requirements (e.g. national regulations,
GDPR, TISAX)
Recommandations regarding the improvements to be made to your
information security guidelines
IT Penetration Test
IT Penetration Test can cover from end user endpoint to on-premise/
cloud infrastructure
Why do you need Penetration Tests
«Cyber Incidents» represent one of the world’s greatest business
risks and are not considered as theoretical threats. In the IT
Penetration Test we offer, a realistic simulation of a «hacker
attack» can be carried out.
Risk analysis of cyber-attacks are often only carried out on the
basis of theoretical assessments. The implementation of a
Penetration Test is an ideal supplement to enable a real
measurement of the resistance capability of the IT environment.
Once the vulnerability is confirmed and based on these findings, a
realistic risk assessment will be made.
We offer advanced Know-How within different environments:
IT OT Platform Security
*in addition to the Penetration Test
Purple Team is the result of the collaboration between the Blue
Team and the Red Team and simulate Advanced Persistent Threats
(APT).
We offer the following IT Penetration Tests
We also offer Social Engineering Penetration Tests by taking on the
role of cyber attackers and test your IT security culture. Our
planned and targeted attacks test the information security
behaviour of your employees and expose the methods of cyber
criminals before they can attack.
BLACK BOX
GREY BOX
WHITE BOX
Auditors will not be given any knowledge about the audited asset or
group of assets We simulate a malicious third-party
Auditors will be given the knowledge of a legitimate user (e.g.
valid credentials) We simulate a malicious user or a third-party
that could get this information through a first successful
attack
Fully assess the risks of escalation and propagation, the auditors
will be given all the knowledge they need (e.g. source codes and
configurations)
We simulate a malicious third-party or user that has already
compromised part of the entire asset or group of assets
Our approach
FRANCE Metapole 1, boulevard Jean Moulin CS 40001 / 78996 Elancourt
Cedex France
UNITED KINGDOM Quadrant House / Celtic Springs Coedkernew / South
Wales NP10 8FZ / United Kingdom
GERMANY Willy-Messerschmitt-Str. 1 82024 Taufkirchen Germany
This document is not contractual. Subject to change without notice.
© 2021 Airbus CyberSecurity. AIRBUS, its logo and the product names
are registered trademarks. All rights reserved.
[email protected]
www.airbus-cyber-security.com
Airbus CyberSecurity is proud to have its own international Team
called «Defence Offence Team» for «Capture-The-Flag» challenges.
These are defence-oriented challenges with network exploration,
forensic, system hardening, security tool integration, reverse,
pentest and development exercises.
Experience in protecting critical infrastructure
All auditors have several years of experience in Penetration
Testing
International team based in Germany, France, the United Kingdom and
Spain
Information Systems Security Auditor Provider (PASSI) Qualification
in France
Successful Capture-The-Flag Team (Defence Offence Team), taking
part in well-known competitions and constantly facing new
challenges:
PASSI PDIS
Process of our IT Penetration Tests Within the scope of a Managed
Penetration Test, we also take over the planning and coordination
of all Penetration Tests that are pending in your company.
Kick-off
Analysis & Report
Scope Qualification
Selection of all assets which are in scope for the Penetration
Test
Meeting with all involved Stakeholders, introduction into (scoped)
assets
Penetration Test against (scoped) assets based on standardised
methodology
Delivery of Penetration Test Report with recommandations
* On Demand
