We have long-standing experience in the field of audits and penetration tests. Our consultants regularly attend international hacker conferences and carry out research for vulnerabilities. This allows us to not only examine your IT solutions for potential security risks on a conceptual level, but we can also detect the technical and organizational vulnerabilities that actually exist and evaluate them appropriately.
We know the latest attacking techniques and methods and regularly find unknown vulnerabilities in malware. Depending on your needs, a penetration test can go far beyond a standard scan. This is why we detect vulnerabilities in supposedly secure systems and applications time and time again that other auditors have overlooked.
Thus you can be sure to find your vulnerabilities and close the gaps before an attacker can find and exploit them.
In the context of source code reviews, the source code of web applications, mobile apps, fat clients etc. is examined for security flaws.
Security assessments of mobile apps for the iOS and Android operating systems
Such assessments simulate an attacker with physical access to the endpoint to be assessed (e.g., laptop, smartphone).
These include assessments of IoT devices, home automation and components in the environment of ICS (industrial control systems).
Security assessment on the application level for any kind of web application like customer portals, web shops, HR portals, online banking, intranet, etc.. The assessments are carried out on the basis of common standards.
These projects serve as a training for the customer’s SOC. They are aimed at evaluating and improving the detection capabilities and efficiency of the blue team.
Using different social-engineering techniques, we try to access sensitive company data or IT systems. Various social-engineering scenarios are run through in agreement with the customer.
Such assessments simulate an insider (an intern or employee, for instance). They aim to identify the vulnerabilities and risks that exist from the perspective of an insider.
These kinds of assessment aim to identify security-relevant misconfigurations or vulnerabilities on the operating system level that enable attacks or make them easier.
Our consultants inspect the configuration of the respective cloud environment and evaluate it with regard to security-relevant settings.
Assessment for threats and vulnerabilities of the WLAN infrastructure and the WLAN components involved
Conceptual examination of existing network architectures (e.g., DMZ)