The economical success of an enterprise depends on the efficient and secure use of information and communication technology. It is therefore essential that a company makes dispositions to guarantee the availability, the confidentiality and integrity of fundamental company information.

Penetration tests are a popular instrument to find security holes or to control the effectiveness of a measure.

The first goal of this thesis was to find existent penetration test tools and to evaluate them. In a second phase we had to build a web-platform, which should allow automated tests and their evaluation.

We divided our project into following four phases.

We first analysed some tools, which could be used for penetration tests as well as for audits. Finally we found Nessus, a free tool which met most of our conditions. The results of a test are presented in a detailed and comprehensible report, which shows what kind of vulnerabilities are present on a computer respectively in a network. In addition there are some advices, how to eliminate these security holes.

In the design-phase we elaborated some possibilities, how to execute penetration tests and audits. For penetration tests we have to build a web-interface. For audits we use the already existent client ?NessusWX?.

In the implementation-phase we built a web-interface. While doing this we had often problems, which showed us, that the interwork between two operating system like Windows and Linux does not always succeed.

At the end we tested our web-interface.

The main result of this thesis is a web-interface, which allows automated penetration tests.