The state of Rhineland-Palatinate and the Saarland, both represented by the State Office for Data and Information (LDI), procure personnel services for the implementation of network-based penetration tests as part of this tender.

The network-based penetration tests are intended to examine the IT components (e.g. routers, firewall systems, mail servers, DMZ systems, web servers, database servers, but also client systems) from a source network (Internet, WAN, LAN) of an IT network for technical security gaps become.

The penetration tests therefore represent a network-based check, whereby a basic distinction should be made between different attack sources and therefore also between different attack characteristics.

Two essential differences in the procedure that the bidder has to consider are reflected in the terms "black box" and "white box penetration tests". The characteristics associated with the terms are described in the following subsections and represent requirements for the bidder.

Basically, the network-based view can optionally be expanded after the order is placed or included in a more comprehensive security audit. The option of a security audit can include, for example, checking systems via direct console access or, if necessary, using system-based tools.

Other points that could optionally be commissioned are the detailed analysis of the security policy, the existing security concepts and the review of the practical implementation of the security measures.

Details with regard to the advertised services can be found in part B_Service description of the tender documents.

The state of Rhineland-Palatinate and the Saarland, both represented by the State Office for Data and Information (LDI), procure personnel services for the implementation of network-based penetration tests as part of this tender.

Through the network-based penetration tests, the IT components (e.g. routers, firewall systems, mail servers, DMZ systems, web servers, database servers, but also client systems) that can be reached from a source network (Internet, WAN, LAN) of an IT network should indicate technical security gaps to be examined.

The penetration tests therefore represent a network-based check, whereby a basic distinction should be made between different attack sources and therefore also between different attack characteristics.

Two essential differences in the procedure that the bidder has to consider are reflected in the terms "black box" and "white box penetration tests". The characteristics associated with the terms are described in the following subsections and represent requirements for the bidder.

Basically, the network-based view can optionally be expanded after the order is placed or included in a more comprehensive security audit. The option of a security audit can include, for example, checking systems via direct console access or, if necessary, using system-based tools.

Other points that could optionally be commissioned are the detailed analysis of the security policy, the existing security concepts and the review of the practical implementation of the security measures.

Details with regard to the advertised services can be found in part B_Service description of the tender documents.