Audit & Awareness

Realistic attacks. Not just scanner reports.

Manual penetration testing by OSCP/OSEP certified specialists. Clearly prioritized findings, re-test included, optional Hardening by the same team. No 200-page PDFs without risk context.

OSCP/OSEP certification · Re-test included · Report in under 10 days

At a glance

  • 100% manual tests, not a pure scanner
  • < 10 days from the end of the test to the final report
  • Re-test included, not extra
  • OSCP/OSEP certified testers

100,000+ mitigated cyber incidents

  • SecuriTy Made in Germany
  • Microsoft Solutions Partner Security
  • Microsoft Solutions Partner Infrastructure Azure
  • Microsoft Solutions Partner Infrastructure Data & AI
  • Kununu Top Company 2025
  • Alliance for Cyber Security

Why most pentests don't work.

How Pently does it differently

Pentests that lead to Hardening.

Manual exploitation, not just scanning.

OSCP/OSEP testers chain vulnerabilities into real attack paths. What you see is what an attacker in your environment would actually have achieved.

Risk-based prioritization.

Each finding is given a business risk context, clear reproduction steps and a concrete recommendation for action, not just a CVE number.

Re-test included.

Within 60 days of the end of patching, we re-test free of charge and deliver a traceable report for audits.

Hardening by the same team.

Whoever attacks also helps to fix it. Optionally, we take care of the Hardening: seamlessly, without a new team having to build up knowledge from scratch.

At a glance

  • External Pentest: Internet exposed systems, VPN, OWA, Mail
  • Internal Pentest: Active Directory, Lateral Movement, Privilege Escalation
  • Web application: OWASP Top 10, Business Logic, API Security
  • Cloud Pentest: Azure, AWS, GCP – including identity misconfigurations
  • Mobile Pentest: iOS, Android, backend APIs
  • Red Team Light: targeted attack chains against agreed targets
  • Phishing assessment: technical and procedural
  • Optional Hardening support from the same specialists

How we work.

  1. Scoping

    Goals, systems, methodology (PTES/OWASP) and timing defined in a workshop.

  2. Recon & Test

    Manual tests, documented steps, coordinated escalation for critical findings.

  3. Report

    Within 10 days: Management summary plus technical appendix with reproduction steps.

  4. Re-test

    Free within 60 days – with an audit-ready confirmation report.

Frequently asked questions.

How long does a pentest take?

From 5 days for a clear web scope to 4 weeks for Internal + Cloud combined. We provide a concrete effort estimate in the scoping.

Which industries do you serve?

PTES, OWASP WSTG, OSSTMM and MITRE ATT&CK – combined by scope. Reports are audit-ready for ISO 27001, TISAX, KRITIS and PCI.

Black box, gray box or white box?

Mostly gray box with defined test accounts - this delivers the highest benefit in a limited time. Black or white box on request.

Are you replacing Bug Bounty?

No, both complement each other. Pentest covers depth in the agreed scope. Bug Bounty delivers breadth and durability. We help set up both.

Pentest that leads to Hardening and not to the archive.

We examine your needs in a 30-minute scoping call and provide a concrete cost estimate without obligation.

Book a free Strategy Call