Our team of pentesters helps companies that want to secure their applications. We advise, test and support you in identifying security gaps and closing them together with you.
We are convinced that a holistic IT security approach can sustainably protect complex applications and critical infrastructure from hacker attacks. An important component is the penetration test. We examine your web applications and web services, as well as their interfaces, for vulnerabilities and find security holes before others exploit them.
Find and close gaps
Pentesting makes it possible to find and close security gaps and vulnerabilities in software and infrastructure. Our certified experts test your web applications independently of the technology and infrastructure used.
Tailor-made testing concepts
In order to be able to react flexibly and agilely to possible attack vectors, we offer you individual penetration tests. These are optimally aligned to the specific requirements of your web application – whether standard or individual software in a server or cloud infrastructure.
Our way of working
Our approach follows the recommendations of OWASP and the BSI.
Together with you, we get an overview of your requirements, create an individual checklist and define the framework parameters.
Depending on the framework parameters, we carry out blackbox, greybox or whitebox testing, taking into account the OWASP Testing Guide and the BSI Pentesting Guide.
Documentation German or English
We create a documentation with a description of the weak points, a description for reproduction and offer you advice and support in eliminating the findings.
Presentation on site
Optionally, we present our findings on site.
Optionally, we re-test all vulnerabilities found.
We carry out our pentests on test systems and offer three test variants. After completion of the tests, you will receive documentation with comprehensible solution recommendations, which we will coordinate with you personally if necessary.
Advantages of black box testing are:
- Real attack conditions
- Less organisational effort
In black box testing, no information (source code, operational or network information) is available to the testers; the team must obtain the information itself. The procedure best simulates an external criminal attack.
Advantages of greybox testing are:
- A defined test field
- Faster tests through known basic information
Our testers are provided with defined basic information and learn what the application specifically does. The source code is not usually made available for greybox testing.
Advantages of whitebox testing:
- Testing of sub-components and internal functioning
- Comprehensive insights into possible weak points
Our pentesters receive all necessary information, data and source codes of the IT systems as well as knowledge of the internal structures, the architectural principle and the documentation before the test begins. A source code audit does not take place within the scope of a whitebox test.
how secure your software is?
Ask us! Thanks to professional pentesting and custom-fit test concepts, we can find out for you – and then define suitable measures.