The advantages of penetration testing for enterprises

Today, cyber security and the success of enterprises are linked closer than we realise. Many entrepreneurs for various reasons believe their IT network is secure, unfortunately the truth is – its actually not! IT networks of all industries are daily exposed to a variety of threats, and in most cases it‘s an easy job for cyber criminals to find access to what they are looking for. In order to minimize such threats optimally, penetration testing is the best way going forward. This kind of testing is the thorough examination of complete IT networks, systems, online shops, websites, and so on, regarding their security capablites against cyberattacks of any kind. Penetration testing (e.g. performed by  is performed by certified IT experts that are highly qualified to conduct system attacks, that are performed in a very controlled fashion on any kind of IT system. The aim of these attacts is to reveal vulnerabilities and file them in a report, and to remove them subsequently.

11 advantages of a penetration test

Tests tailored to your companies needs

Because penetration tests are very precisely adaptable to the conditions on site, they are made up of a variety of individual procedures that are carried out. This is a very important point and brings every business a real advantage in terms of the effective excecution of the testing and the achieving of detailed results. The results of on and off-site penetration testing will bring the highest possible security level to any enterprise.

System failure protection

Any internal or external breach of your IT-network can lead to a complete system shutdown. Penetration tests come with a whole range of scenarios that refect realistic cyber attacks and in this way are able to show possible system deficiencies and offer solutions.

Security of your infrastructure against external threats

Security weaknesses in software, networks or applications can be an open door for external intruders. For most IT security teams, the biggest challenges today come from attacks on an application level. Special testing procedures can find such vulnerbilities in no time and determine how fast real-life attacks would be recognized and removed. The gained knowledge from the testing can be implemented into worst case measures which then are immediatly available in case of a real attack. In this way the consequences can be minimized.

Security of your infrastructure against threats from inside

The threat from inside is very often overlooked and underestimated. Data carriers or files may contain malicious software that infects and spreads within the network. And maybe the distribution of rights has not been controlled sufficiently. Penetration tests can show such weaknesses and IT systems can be secured against these kind of dangers.

Trade secrets are protected

Just one successful hack immediately endangers important data to be stolen, abused or possibly destroyed in the course. These days cyberspionage is a highly lucrative business for cyber criminals. Penetration testing can find back doors and expose weaknesses of your data security.

Need for security is determined

Hackers are always adapting their methods of attack. Determining how good your company’s IT security actually is, is therefore very important. Penetration testing conducted by experts will identify the necessary requirements for the security of your business.

IT security will be up-to-date

Once the penetration test results reveals security requirements, the IT systems can regularly be updated and thus keep it up-to-date.

It saves costs

Every manager will have an idea how much a system shut down or losing data in a breach will cost his company if an attack was successful, beside a lot of nerves. Being unable to work would most probably lead to a loss of business oportunities and perspectives. Regular penetration testing will protect you against financial losses.

IT networks will be extensively tested

Most companies install their IT systems, software or applications once in the beginning, then rarely test them and updates are only done from now and then and typically never really undergo a security test. IT penetration testing will make sure this is done.

Customer protection

Companies are expected to protect their customers against IT-threats initiated from the companies IT services. Malicious bugs, troyans or software are able to spread very rapidly. Malicious software can also be hidden in onlineshops or websites, exactly where your customers or prospects view your content. The results of a penetration test will reveal exactly how safe your customers will be, when making contact to you.

Company protection

Penetration testing is a very good tool for protecting your company’s, your staffs and your customers values. Such tests will play an essential part for your company good reputation and its success. Today in a saturated market, the customer trust is the basis for successful business relationships and will bring an obvious advantage.

Regular penetration testing is a very important tool for the IT security of small and large businesses regarding the world wide growing need for security.

Why WordPress? Advantages and Disadvantages

wordpress logo

Im my last blog I went through an quick and easy installation of WordPress. But why do you want this CMS at all?

People often asks about advantages and disadvantages of WordPress. In my opinion it is very easy to handle and has a variety of functions.

Advantages of WordPress

  • 60% of all online Content Management Systems (CMS) are WordPress.
    That’s a clear sign about the qualities of the product. Why this is so, you can read in the next lines.
  • WordPress is very powerful, even CNN, Time, UPS uses WordPress
    This CMS needs little resources compared to other CMS. It has a huge range of functionality. If there is something you need, you can have it developed by freelance programmers.
  • Large Community can help if you run into problems
    Many people know WordPress, so free and commercial support might be near to you, if you need one.
  • WordPress is very Search Engines Friendly
    If your blog isn’t found there is no need to engage with work and time. To be on the top of the search engines result page is very important if you want to push your blog. WordPress supports your efforts to be at the first site at Google.
  • WordPress is free.
    You don’t have to pay a license fee. It’s free as free beer.
  • WordPress is easy to learn and there are a lot of documentation online.
    If you are new you can grab a good book or look online at forums or especial WordPress HowTo pages. There are plenty of them. Just get started.
  • Installing is quite easy and a lot of web hosters provide ready to go packages.
    If you choose one hoster providing preinstalled WordPress, installation is just a matter of click on the right buttons.
  • Updating and management is easier than for other CMS.
    I had several CMS in my career and can say: the easiest is WordPress. That’s a fact. If you want to invest little time in management and more time into the content WordPress is definitely an option you should consider.
  • There are a lot of Designs (Themes) and add-ons (Plugins) available.
    You can even by commercial Themes for low money. But very good ones are free, too. Or if you want let your design be created and implemented by a WordPress developer.

Disadvantages of WordPress

There are so many good points that it is hard to thing of disadvantages, but there are some.

  • Not all developers a good in securing their Plugins or Theme. So security might be a problem.
  • PHP as a underlying base. But other CMS and shops (“secure” and “unsecure” onces) use PHP as well, so this might not be valid argument.
  • If you want to change the design, you need to know CSS and HTML.
  • No native and nice support for tables.

Conclusion about WordPress pro and cons

WordPress is definitely an option if you consider to start a Blogging plattform. Just get started, try it out and see if it suits you. It’s worth the effort.

wordpress logo

How to install WordPress

Setting up WordPress is very easy. Just follow these steps.

Summary of installing WordPress

  1. Download current WordPress release
  2. Create database and user
  3. Modify wp-config.php
  4. Upload it to your hoster
  5. Finish the installation

Download WordPress

WordPress can be found at

install wordpress download the tar file

Click the blue button “Download WordPress“, which can be found on the right. Currently WordPress 4.8. has 1600 files, but this may change in future. Unpack the files in a local directory.

Create database

Depending on your website hoster you should create a database for WordPress. The MySQL database needs a user who was admin permissions.

In our case this is:
Database name: db2703-wptest
Database user: db2703-wptest

The database user don’t need to be the same name. The Password of the database user needs to be a secure one: maximum number of characters, numbers, uppercase and lowercase letters and a special character. A good choice might be: “atatxah6paexae@R”. But do not use this password, create your own. is a password generator, which can help you on this task. You might ask: how can I remember this passwor? My answer: you shouldn’t remember the password. Save it in a password safe. KeePassX is my personal favorite here. It’s secure and free and available for Windows, Mac and Linux.

The database user needs the maximum permissions. With some hosters you must explicitly configure these, and with others this settings are already done automatically.

Modify wp-config.php

Copy the wp-config-sample.php to wp-config.php and change the following settings for DB_NAME, DB_USER, DB_PASSWORD and DB_HOST.

In most cases “localhost” for DB_HOST  is correct. I have installed many WordPress instances on different hosters and never used an other one.

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
 define('DB_NAME', 'db2703-wptest');

/** MySQL database username */
 define('DB_USER', 'db2703-wptest');

/** MySQL database password */
 define('DB_PASSWORD', 'atatxah6paexae@R');

/** MySQL hostname */
define('DB_HOST', 'localhost');

Go to and copy the authentication keys and salts, e.g.

define('AUTH_KEY', ' ^#XuItpn#9Z6C^^NnUeq4{r(M<c<ReQZEbSzUXcX)(gbMaD[}x>U?; C#OPk7DE');
define('SECURE_AUTH_KEY', '1`=n?o+dODh8Z)%w L3&/TUHw 1J/%q|@S-E9O7Fw/l1Q_&?!gnV`$~3!p93^KcE');
define('LOGGED_IN_KEY', 'y}#+FYkK{DxvZ%[V*e,}+7D |,_a;CM89Z%)7CwZ!F XeE-uHnnx/vO}&>hb$(f|');
define('NONCE_KEY', '50E7FQ}NH6VH7+r:Q@-:I$ROI09W(?1JY[(C(H:1$d<g%;-|4w:uZ<3DMCOZ(aZj');
define('AUTH_SALT', '?`=l1o)MoN}E?)(sKMt_*XR|nf<wh_Is(P|vKg/r|!![6D=vtKkRDF)JIr%M{:3I');
define('SECURE_AUTH_SALT', 'okhDkV]HMG!K.jxJd1Uq^RU`=,[&bL>%8 NlXZU`|*E-d>a|)t+zn 7rbI=X]f!]');
define('LOGGED_IN_SALT', 'WJNO.#b6_:e@FVd0Re8}ZA ^;h0FIYm&s#}`=Z $-ld-^9i;bmA+R`^-nh3Ut)Eg');
define('NONCE_SALT', ' ByrE|A)5f3FP3^d-qh{y8SCC3#45Fwj%llE?nS}#*G+V~h?PbMRTu[-*|||J7g;');

Set the prefix of all tables in the database.

$table_prefix = 'wptest-';

In oder to save space and speed up performance, you can define a number of revisions, which should be saved in the database. Without the definitions not limits are specified.

define('WP_POST_REVISIONS', 5);

If this is done, you have set up your configuration file.

Upload wordpress files to your hoster

You can FTP (use secure FTP!, FTPs) to your hoster and upload the files in a directory. Please be aware, on some hoster you have to use www or public_html. With others you can use e.g. wp-test and change the domain link to this directory. If the FTP client, like filezilla says that all files transferred successfully, this is done.

Here the FTP client states, that 1495 files was transfered, zero failed.

install wordpress upload files

Some hoster limit concurrent connections to their servers. Some allow eight or four. You can check the FTP-client, if there are only some errors decease the amount of concurrent connections.

Finish the installation

Go to you should see some options which can be changed.

Choose your language.

install wordpress language

Chose the password of the admin.

install wordpress create admin account

Congrats! Your first installation of WordPress is done. The next thing is to secure your installation (which is done in our next blog), choose a theme and start blogging. Happy blogging.