AWARE7 GmbH offers a professional penetration testing service with over 28 defined work packages, targeting companies of varying sizes — from SMEs to corporations, public administration, and critical infrastructure organizations. The service is structured into two main focus areas: **External Attack Surface Analysis:** - External penetration testing (IP address-based) - Web application testing (pre-live or test instance) - API interface testing (availability, confidentiality, integrity) - Mobile application testing (Android, iOS, hybrid) - Password auditing against Active Directory users - Data leak identification against employee lists - Darknet research using keywords and data sets - Cloud environment configuration auditing - Desktop application vulnerability assessment - Single sign-on (SSO) attack simulation **Internal Attack Surface Analysis:** - Internal penetration testing - Evil Employee scenario (insider threat simulation) - Stolen Notebook scenario (lost device risk assessment) - WLAN/wireless security audit - Configuration audit against best practices - Source code review - Social engineering attempts - Physical penetration testing (building access) - Internal cloud attack surface assessment The engagement follows a structured process: initial contact, scope definition via kick-off meeting, test execution, and delivery of a written report with findings tailored for both technical staff and management. Tests are conducted in accordance with OWASP Top 10 and ISO 27001 standards. Pentesters hold certifications including OSCP+, OSWP, and OSWA.