Security tests, Penetration testing (Pentests)
Technical security tests are an important part of the overall security of a system. This holds whether the system is a pure IT system, such as an Internet server, or, for instance, the remote control of a heating system. All IT-related systems depend critically on working security measures.
Although security tests do not replace a security process, they must be part of this process. Their results provide very important information about missing security measures or even critical vulnerabilities. As a consequence, security testing leads not only to the correction of security flaws but also to adjustments of development and company processes. Hence, corresponding security flaws can be avoided permanently.
To understand the term penetration test, note that security test, examination and pentest are often used synonymously. However, an actual pentest means a technical examination from a hacker's point of view (hacker/cracker) with the ultimate goal of penetrating a system or otherwise proving that this is possible.
A pentest without results or findings is no proof of a system's security. A pentest is merely a form of random sample, executed only within a limited time, and cannot make any statement about future changes.
Execution Assistance (worldwide)
We are focussed on web technologies, web applications and web services. This includes web/online shops, Internet services, cloud applications and other web front-ends and corresponding back-end systems. Moreover, this includes web components as part of integrated products.
Manual testing and automated scans identify general vulnerabilities such as unpatched software, but also vulnerabilities specific to web applications, for instance SQL injection or cross-site scripting. Besides discovering technical security vulnerabilities, they yield information about flaws in system architectures and in organizational measures such as patch management.
We are happy to support you in selecting an adequate, independent penetration testing partner, and to represent your point of view when defining the assignment and order, during execution, and in the follow-up processes.
Orientation guides
The following links help explain the background of security tests and offer suggestions for the area of web security in general:
- Open Source Security Testing Methodology Manual: OSSTMM
- Open Web Application Security Project (OWASP): Top Ten Project
- The Web Application Security Consortium: Threat Classification (old)
Support in case of Security findings or Security incidents
We offer consulting options for understanding security findings or possible solutions to fix vulnerabilities (Incident Handling).
If hotfixes are necessary, we guide you through the consideration process to find an adequate solution.
Other Services
We also offer further services. Contact us to talk about the following security activities:
- Executing individual security checklists
Does your company have its own security tests and checklists but needs (temporary) support for executing them? We examine your test documentation and make you an individual offer.
- Creation of security tests for software development processes or software acceptance
We support your software development process by defining adequate security tests for every development stage. This leads to cost savings because security issues and concerns can be mitigated very early in development. Moreover, such tests can be used for acceptance tests.
- IT/Computer Forensics
In individual cases we analyze data flows and data residues in certain IT applications; we guide you to find the perfect expert for your case.