Our services
Penetration Tests
We have long-standing experience in the field of audits and penetration tests. Our consultants regularly attend international hacker conferences and carry out research on vulnerabilities. This allows us to not only examine your IT solutions for potential security risks on a conceptual level, but we can also detect the technical and organizational vulnerabilities that actually exist and evaluate them appropriately.
We know the latest attacking techniques and methods and regularly find unknown vulnerabilities in standard software. Depending on your needs, a penetration test can go far beyond a standard scan. This is why we time and again detect vulnerabilities in supposedly secure systems and applications that other auditors have missed
Thus you can be sure to find your vulnerabilities and close the gaps before an attacker can find and exploit them.
Technical Reviews
Source Code Reviews
In the context of source code reviews, the source code of web applications, mobile apps, fat clients etc. is examined for security flaws.
Assessments of Mobile Apps
Security assessments of mobile apps for the iOS and Android operating systems.
Assessments of Mobile Endpoints
Such assessments simulate an attacker with physical access to the endpoint to be assessed (e.g., laptop, smartphone).
Assessments of Special Devices, Embedded Systems and Customer Products
These include assessments of IoT devices, home automation and components in the environment of ICS (industrial control systems).
Security of Web Applications, Web Services and Portals
Security assessment on the application level for any kind of web application like customer portals, web shops, HR portals, online banking, intranet, etc. The assessments carried out according to recognized standards
In-Depth Reviews
Red Team Exercises
Simulated attacks are used to assess how well employees are prepared for real attacks and how resilient the infrastructure, the applications and the physical security measures are.
Our red team projects are very individually designed and are also carried out in accordance with requirements such as TIBER upon request.
More information can be found here.
War Games (Red Team vs. Blue Team)
These assessments serve as a training for the customer’s SOC. They are aimed at evaluating and improving the detection capabilities and efficiency of the blue team.
Social Engineering
Using different social-engineering techniques, we try to access sensitive company data or IT systems. Various social-engineering scenarios are run through in agreement with the customer.
Insider Analyses
Such assessments simulate an attack carried out by an insider (an intern or employee, for instance). They aim to identify the vulnerabilities that can be exploited by such an internal attacker and the risks arising from that.
Configuration Analyses
Assessments of the System Security and Hardening of Servers and Endpoints
These kinds of assessment aim to identify security-relevant misconfigurations or vulnerabilities on the operating system level that enable attacks or make them easier.
Configuration Analyses of Azure, AWS and Google Cloud Environments
Our consultants inspect the configuration of the respective cloud environment and evaluate it with regard to security-relevant settings.
WLAN Reviews/Audits
Assessment for threats and vulnerabilities of the WLAN infrastructure and the WLAN components involved
Conceptual Reviews
ISMS Assessments, Reviews of Processes or Guidelines
Data Protection Audits in the Context of IT Security
Structural Analyses of DMZ Structures and Network Reviews
Competent IT security consulting, pentests, incident response and training
cirosec GmbH
Ferdinand-Braun-Straße 4
74074 Heilbronn, Germany