A penetration test (pentest, security test) is a realistic attack simulation. All technical aspects of the target systems are checked for weaknesses and vulnerabilities. Depending on the objective of the penetration test, different types of penetration tests are used:
IT infrastructure penetration test
Manual hacking of your network environment across a wide area
We check your network environment for possible entry points, vulnerabilities and any backdoors. Swiss Infosec AG bases its assessment on the MITRE ATT&CK Framework and defines appropriate attack tactics, techniques and procedures (TTP) individually for each target environment. The IT infrastructure penetration test is carried out on a scenario basis:
- External: Checking systems exposed to the Internet. Corresponds to the ‘Attacker on the Internet’ scenario.
- Internal: Checking the resilience of systems against attacks from within. Corresponds to the ‘Attacker on the internal network’ scenario. Specific example: A simulation is carried out in which an employee’s device has been compromised and the attackers can now launch attacks from that employee’s status.
Application penetration test
In-depth, manual hacking of your GenerativeAI solution
The functions of your software solution are tested by Swiss Infosec AG penetration testers from an offensive perspective. We usually work using the grey box method, whereby we receive valid accounts from you that allow us to examine the application in an authenticated manner. Swiss Infosec AG generally follows the best practices of the Open Web Application Security Project (OWASP) when conducting these penetration tests. See also
- OWASP Web Security Testing Guide (WSTG)
- OWASP Top 10 Web Application Security Risks
- OWASP API Security Project
- OWASP Mobile Top 10
Speaking of software, please see our further information on Software Security
GenAI penetration test
In-depth, manual hacking of your GenerativeAI solution
Have your new GenAI system examined by penetration testers from Swiss Infosec AG with regard to security requirements. When conducting penetration tests, we follow established standards and frameworks such as the OWASP Artificial Intelligence Security Verification Standard (AISVS), the OWASP Top 10 for Large Language Model Applications and the MITRE ATLAS™ framework.
The duration of a penetration test depends on the complexity of the model and the desired depth of the review. A variety of techniques and tools can be used in penetration testing. Typical areas of testing include:
- Prompt injections and input validation
- Data leaking and unauthorised information disclosure
- Dependencies and third-party components
- Model robustness
- Compliance with data protection regulations
- Effectiveness of access restrictions
Speaking of AI, please see our training programme AI Manager Security & Privacy.
Your added benefit
We create and convey an in-depth understanding of the security aspects of the tested systems. In our final report, we provide you with a prioritised catalogue of measures that you can use to improve security in a targeted and resource-efficient manner. Optionally, we can issue you with a certificate that you can use as proof of security for your customers.