Ransomware attacks, exploited security vulnerabilities or data breaches: the media outlets are increasingly reporting new cyber security incidents. Networked systems are becoming increasingly complex and the need for comprehensive security measures is growing. Are you aware of the potential attack surfaces in your company? Are your security controls adequate and what would happen if they failed?
How well protected are you against cyber attacks?
Our penetration tests help to identify security vulnerabilities in your IT and OT environment, fix them and also meet regulatory requirements.
Penetration testing with Limes Security
A penetration test is a powerful tool for answering precisely these questions. By identifying vulnerabilities and developing remedial measures based on them, you get cyber-resilient systems, environments and products – and thus a decisive competitive advantage.
Expert
Know-how
Our experts for IT and OT security have many years of experience from industry and numerous projects. They know exactly what is important in a wide range of industries.
Customized security analyses
Limes Security does not deliver automated reports “off the shelf”. We analyze security individually tailored to your systems, threat situation and company goals.
Secure testing in critical environments
Our tests are designed in such a way that they do not disrupt operational processes. Thanks to years of experience in securing critical infrastructures, we know how to simulate attacks – with little to no risks to ongoing operations.
Clear results that help
Our reports are easy to understand, clearly prioritized and practically oriented. They offer specific recommendations for development, operation and management.
Expertise that goes beyond projects
At Limes Security, penetration testing means not only uncovering vulnerabilities, but always going one step further. Our experts are not only active in customer projects, but also compete in competitions such as the Austrian Cyber Security Challenge or international hackathons. This commitment shows: We are passionate about cyber security and apply this expertise directly to our customers’ projects.
Our penetration testing services
Goals and benefits of a penetration test
Phases of a penetration test
At Limes Security, every penetration test begins with a detailed onboarding process in which organizational issues (non-disclosure agreements, secure data exchange, etc.) are discussed and clarified. During this process, as well as during the entire project, strict rules on data classification and data handling are followed, especially with regard to the need-to-know and least privilege principle of the information obtained in the project. Project-specific organizational and technical issues are discussed in a kick-off meeting.
The actual penetration test consists of the following assessment phases:
Not found what you were looking for?
Contact us and find out more about our customized services.
Standards that we use
Depending on the penetration testing type, recognized standards, frameworks and industry-specific vulnerability catalogs are used as a methodological basis. These include, among others
- NIST SP 800-82 as a guideline for safeguarding industrial control systems (ICS)
- ISA/IEC 62443 for the cyber security of industrial automation and control systems
- NIST Cyber Security Framework (CSF) for the structured evaluation of security measures
- ISO/IEC 27001 as a reference for information security management systems or
- the OWASP Top 10 series for identifying typical security-critical vulnerabilities.
These reference works ensure that the tests are carried out in a systematic, risk-based and reproducible manner.
Limes Security News
Recently discovered vulnerabilities
Siemens Healthineers syngo.plaza – insecure password encryption vulnerability
Siemens Healthineers syngo.plaza – insecure password encryption vulnerability
Siemens Spectrum Power 4 – critical Vulnerabilities discovered in SCADA- and Energy Management System
Siemens Spectrum Power 4 – critical Vulnerabilities discovered in SCADA- and Energy Management System
Breaching the OT Perimeter: Authentication Bypass in Claroty Secure Remote Access (CVE-2025-54603)
Breaching the OT Perimeter: Authentication Bypass in Claroty Secure Remote Access (CVE-2025-54603)
Frequently asked questions
Does a penetration test have a negative impact on the system being tested?
Usually not, but it cannot be completely ruled out. Therefore, penetration tests are ideally carried out in a non-productive but equivalent environment in order to completely minimize the risk of disruption. In practice, this is not always possible, but the Limes experts are used to working in productive environments. The remaining risks are mitigated by appropriate planning, a transparent approach and a focus on communication with the customer.
Does a penetration test prove that a system is secure?
The result of the penetration test shows the vulnerabilities that could be identified and exploited based on the defined and allocated resources. By applying a risk-based approach, the respective technical results are only valid for a specific point in time. Limes Security therefore maps discovered technical vulnerabilities to the respective supporting process that failed or was insufficiently applied. This enables the vulnerabilities to be remedied at a higher level and thus promotes security in the long term.
What is the difference between a penetration test and a vulnerability scan?
It is often not clear what the difference is between penetration tests and vulnerability scans. This can lead to a vulnerability scan being sold as a penetration test, which it is not. While vulnerability scanning is usually an automated process and part of an initial phase of penetration testing, penetration testing also involves manual testing steps by experienced experts. This is necessary to create a common context of different vulnerabilities and to cover vulnerability categories that cannot be detected by automated scans at all.
When is the best time for a penetration test?
Ideally, penetration tests are carried out parallel to the entire life cycle of a system or component, with a different focus being placed on each phase. Penetration tests before the go-live/release and after major changes are particularly important.
