Jump to content
Symbolfoto: Das AIT ist Österreichs größte außeruniversitäre Forschungseinrichtung

Penetration Testing & Red Teaming

A penetration test is an empirical security check using tools and techniques of real attackers. The results represent a snapshot of the current security level of tested components under a certain perspective. In general, the number of vulnerabilities found increases with time invested and the level of information available about the systems to be tested.

The result of the penetration test is a report which lists the vulnerabilities, misconfigurations and deviations from best practices identified at the time the test was performed. For each finding recommendations are given within the report.


Your benefit

  • demonstrate compliance with IT infrastructure management and due diligence requirements in the context of business-critical, sensitive, and personally identifiable data
  • get an overview of the state of IT security through an independent external audit
  • receive recommendations for necessary or reasonable security measures to increase the security level of your products in the long term
  • proactive testing of your security level to prevent unpredictable costs from cyber attacks
  • minimize risks of potential financial, reputational, and/or public safety damage


Why us

  • we are very familiar with the handling of highly sensitive data, especially in a governmental environment
  • we are confronted daily with the challenges of (security) technology, science, and research
  • we hold a recognized position in national and international security research and various innovation programs
  • we maintain strategic partnerships with important national security actors (i.e. Federal Ministry of Internal Affairs, Federal Ministry of Defence, Chancellery, national Computer Emergency Response Teams) as well as international industry initiatives
  • research projects and the use of cutting edge technologies enable us to assess future risks and attack vectors at an early stage
  • our experts hold industry leading and well-recognized certificates in all areas of IT-security and penetration testing
  • we are Austria's largest applied research institution and support the Austrian economy as an interface between science and industry; this results in a pragmatic approach in terms of efficiency and effectiveness
  • optimal alignment, so that a high degree of efficiency of IT investments and secure operation of IT services can be ensured at low cost


What we offer

The majority of penetration tests offered on the market focus on the exploitation of already known vulnerabilities. In this case, the testers rely on the automated evaluation of the security level of the components under test,. We pursue an alternative approach. Our specialists contribute their expertise from numerous top-class research projects. As a result, previously unknown, completely new vulnerabilities (i.e. zero-day vulnerabilities) can be found during the tests.

We support from the prototype to the final implementation. We have the necessary know-how and many years of project experience, with a black-box approach (i.e. without detailed knowledge of the system to be tested; e.g. via fuzzing and reverse engineering), and a white-box setting (i.e. complete information up to comprehensive source code analysis).



This is a selection of some the certifications our security experts are holding:

  • Certified Ethical Hacker (CEH)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Privacy Manager (CIPM)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Wireless Security Professional (CWSP)
  • Cisco Certified Network Professional (CCNP) Security
  • Computer Hacking Forensic Investigator (CHFI)
  • EC-Council Certified Security Analyst (ECSA)
  • GIAC Mobile Device Security Analyst (GMOB)
  • GIAC Penetration Tester (GPEN)
  • GIAC Web Application Penetration Tester (GWAPT)
  • Global Industrial Cyber Security Professional (GICSP)
  • ISA/IEC 62443 Cybersecurity Expert
  • Offensive Security Certified Expert (OSCE)
  • Offensive Security Certified Professional (OSCP)
  • Offensive Security Certified Web Expert (OSWE)
  • Trusted Security Auditor (TSA)


Security Advisories (CVE)

Our security experts are constantly finding new, previously unknown (i.e. zero-day) vulnerabilities in penetration tests. If such a vulnerability would affect not just a single customer (e.g the one we are conducting the pentest for), we report details of the issue to the vendor of the affected component. In order to protect their clients, they will be granted a reasonable period of time to resolve the issue and to roll out the corresponding patches on their clients' systems before details of the vulnerability are published.

Click here to find a list of vulnerabilities our security experts have discovered and the appertaining security advisories they have published so far.




  • ThreatGet - Threat Analysis and Risk Management
  • MoMuT - A family of automated, model-based test case generation tools