Penetration Testing

Our Services

• Web applications

  Business success is, in many ways, built on smooth and secure applications. We help you to identify and systematically address vulnerabilities that may impair your security. To do this, we perform active tests in the role of the attacker. Source code reviews are also available as an additional option. Our web penetration tests include the OWASP Top 10 and other application-specific risks. Besides regular tests, we recommend specific security trainings for your developers.

• Mobile apps

  The business world would now be inconceivable without mobile applications (apps). They are often used to handle sensitive data which can be accessed through backend components. We check the security of individual apps and their matching backends. Our tests include the OWASP Top 10 and other application-specific risks. Besides regular tests, we recommend specific security training for your developers.

• IoT & hardware

  The Internet of Things (IoT), especially in combination with cloud-based solutions, is growing rapidly and opening up a world of new opportunities. IoT devices and their requirement to work with modern cloud environments place additional challenges on security. We assist you in ensuring the security of IoT from the concept to the security verification of hardware components, from the update strategy to the JTAG interface.

• Networks & cloud infrastructures

  Whether traditional on-premises networks, software-defined networking (SDN) or multi-cloud infrastructures: data is constantly on the move and is exchanged between different systems. A stable and secure network with all its distributed components enables this exchange. We check that only authorized persons can access sensitive connections and data and that data, systems and resources are adequately protected.

• Network & infrastructure services

  Network and infrastructure services such as Active Directory (AD) / EntraID, IAM, DNS, PKI or container technologies form the backbone of every network, both on-premises and in the cloud, and enable the standardization and flexibilization of the ICT landscape. Each new component demands new security requirements and increases the complexity of the entire ecosystem. We help you to check the use and interaction of your network and infrastructure services from a technical perspective and identify attack vectors not only in the individual components, but also in the interaction of all components.

• System hardening

  Secure provisioning of applications is built around the operating system. We review whether your operating system (Windows, MacOS, Linux) is adequately hardened and therefore consistent with the necessary security level. In addition we can also support you in hardening your cloud environment based on platforms like Microsoft Azure, Amazon Web Services (AWS) and Cloud Computing Services (GCP).