In this type of audit there is no internal information available about the IT infrastructure. The auditor takes on the role of an anonymous hacker and attempts to simulate as real an attack as possible. Depending on the limits that have been defined for the audit, tests can take place in all relevant security zones (external, internal, DMZ).
This reveals known security gaps that could lead to problems and thus represent a direct threat.
The customer receives an external perspective on these threats and, in combination with the risk analysis and action plan, is offered options for resolving their security gaps. The end products for the project are a detailed list of threats and an action plan in the form of a comprehensive report.
