Penetration Testing
Benefit from the profound technical expertise of the Redguard security specialists. A penetration test is a technical security analysis that aims to identify vulnerabilities within a defined scope (network segments, servers, applications). This ensures that obvious and concealed system vulnerabilities are detected early on. Once completed, the test report delivers clear indications of countermeasures that can be applied to rectify the vulnerabilities. Should you wish to expose your entire company to a simulated attack instead of testing a predefined scope, we would be pleased to conduct an Attack simulation.
Dominique Meier
Partner & Head of Customer SuccessMore information
PostFinance: Mit effizienten Penetration Tests zur PCI DSS-Zertifizierung
Delta Electronics: Hack the ORION controller
Dormakaba: Four eyes on an IoT-product
Penetration Tests und deren Struktur
Areas
We will gladly perform penetration tests for you in the following areas and in others on request.
Web applications
Business success is, in many ways, built on smooth and secure applications. We help you to identify and systematically address vulnerabilities that may impair your security. To do this, we perform active tests in the role of the attacker. Source code reviews are also available as an additional option. Our web penetration tests include the OWASP Top 10 and other application-specific risks. Besides regular tests, we recommend specific security trainings for your developers.
Networks
In classic data networks as well as modern software-defined networking (SDN) environments, data is constantly moving and is shared back and forth between a variety of systems. This form of sharing is only possible with a stable and secure network. We check whether exclusively your authorized persons have access to sensitive connections and data.
Mobile
The business world would now be inconceivable without mobile applications (apps). They are often used to handle sensitive data which can be accessed through backend components. We check the security of individual apps and their matching backends. Our tests include the OWASP Top 10 and other application-specific risks. Besides regular tests, we recommend specific security training for your developers.
Container security
Container technologies (e.g. dockers) enable standardized and flexible procedures within the ICT landscape. Software is used to model infrastructure components and to ensure their rapid adaptability. This makes ICT flexible and scalable and enables its modification to suit your business needs at any time. We help you to use container technologies safely and review how they are implemented. We base all procedures on our Container Security Verification Standard.Furthermore, we would be pleased to offer you Trainings in this area.
IoT & hardware
The Internet of Things (IoT), especially in combination with cloud-based solutions, is growing rapidly and opening up a world of new opportunities. IoT devices and their requirement to work with modern cloud environments place additional challenges on security. We assist you in ensuring the security of IoT from the concept to the security verification of hardware components, from the update strategy to the JTAG interface.