CRISAM Penetration Testing Knowledge Pack

This Knowledge Pack contains all modules and control objectives to prepare for a penetration test, to improve its quality and to evaluate the results in CRISAM®. Together with our partner UNINET it-consulting GmbH we have developed this pack for you.

Key features and benefits

  • Preparing for penetration tests and protecting your servers and applications.
  • Evaluation of test results in CRISAM®.
  • Relief for the tested company as well as for the service provider carrying out the test.
  • Prevents that results are delayed due to increased organisational overhead or delivered in low quality.
  • Checking of compliance with standard A 7700: information processing and technical requirements on web applications.
  • Available in German and English.

Penetration tests

Penetration tests can be carried out with different scopes and techniques. These techniques range from automated scans to manual security checks and social engineering attacks. Through its penetrations tests, which simulate attacks, this CRISAM® Knowledge Pack aims at revealing vulnerabilities in information and communications technology (ICT) systems. These tests can be carried out either as black box tests without preliminary information about the system or as white box tests for which information, e.g. access data is provided.


The results of your analyses can be evaluated by compliance reports and thus you can recognise where there is need for taking action and what the penetration tests should focus on.

Additionally, the compliance of your web applications with ÖNORM A7700 can be displayed in a further compliance report.

Figure1 – Example of modelling with CRISAM® Penetration Testing Knowledge Pack

System requirements

CRISAM® Explorer
​CRISAM® ISMS Knowledge Pack