Our services
Penetration Tests
We have long-standing experience in the field of audits and penetration tests. Our consultants regularly attend international hacker conferences and carry out research for vulnerabilities. This allows us to not only examine your IT solutions for potential security risks on a conceptual level, but we can also detect the technical and organizational vulnerabilities that actually exist and evaluate them appropriately.
We know the latest attacking techniques and methods and regularly find unknown vulnerabilities in malware. Depending on your needs, a penetration test can go far beyond a standard scan. This is why we detect vulnerabilities in supposedly secure systems and applications time and time again that other auditors have overlooked.
Thus you can be sure to find your vulnerabilities and close the gaps before an attacker can find and exploit them.
Technical Reviews
Source Code Reviews
In the context of source code reviews, the source code of web applications, mobile apps, fat clients etc. is examined for security flaws.
Assessments of Mobile Apps
Security assessments of mobile apps for the iOS and Android operating systems
Assessments of Mobile Endpoints
Such assessments simulate an attacker with physical access to the endpoint to be assessed (e.g., laptop, smartphone).
Assessments of Special Devices, Embedded Systems and Customer Products
These include assessments of IoT devices, home automation and components in the environment of ICS (industrial control systems).
Security of Web Applications, Web Services and Portals
Security assessment on the application level for any kind of web application like customer portals, web shops, HR portals, online banking, intranet, etc.. The assessments are carried out on the basis of common standards.
In-Depth Reviews
Red Team Exercises
Simulation of real attacks: How well can employees, infrastructure and physical security measures withstand the attacks? Our red team projects are designed very individually and are also carried out in accordance with requirements such as TIBER upon request. More information can be found here.
War Games (Red Team vs. Blue Team)
These projects serve as a training for the customer’s SOC. They are aimed at evaluating and improving the detection capabilities and efficiency of the blue team.
Social Engineering
Using different social-engineering techniques, we try to access sensitive company data or IT systems. Various social-engineering scenarios are run through in agreement with the customer.
Insider Analyses
Such assessments simulate an insider (an intern or employee, for instance). They aim to identify the vulnerabilities and risks that exist from the perspective of an insider.
Configuration Analyse
Assessments of the System Security and Hardening of Servers and Endpoints
These kinds of assessment aim to identify security-relevant misconfigurations or vulnerabilities on the operating system level that enable attacks or make them easier.
Configuration Analyses of Azure, AWS and Google Cloud Environments
Our consultants inspect the configuration of the respective cloud environment and evaluate it with regard to security-relevant settings.
WLAN Reviews/Audits
Assessment for threats and vulnerabilities of the WLAN infrastructure and the WLAN components involved
Conceptual Reviews
ISMS Assessments, Reviews of Processes or Guidelines
Data Protection Audits in the Context of IT Security
Structural Analyses of DMZ Structures and Network Reviews
Conceptual examination of existing network architectures (e.g., DMZ)
Competent IT security consulting, pentests, incident response and training
Ferdinand-Braun-Straße 4
74074 Heilbronn, Germany
74074 Heilbronn, Germany