Since 2013 - Your Pentest Experts from Frankfurt

Penetration Testing Company

Penetration Testing

Since 2013 we have conducted professional penetration tests based on international industry standards and years of experience in penetration testing, red teaming and hacking.

As a company for professional penetration testing, we do some things differently than other pentest providers: we do not sell vulnerability scans as pentests, and we also focus on business security risks. Are you looking for a professionally conducted penetration test? Get the binsec team for your pentest. Read more about our pentest service.

Contact us

Structured approach

Certifications (OSCP, OSCE, BACPP)

Identifying technical and business security risks

Risk-weighted vulnerability assessment or CVSS scoring

Report split into a management part and a technical part

Retesting included

Pentesting Areas

Web Application Pentesting

We perform penetration tests of web applications. The scope and complexity of a web application can range from a static web page to a multi-tenant application. This is also reflected in the number of pages in the OWASP Testing Guide, which summarizes test methods against web applications on several hundred pages. We pentest a web application both with and without credentials. In order to efficiently detect errors in the authorization management of the web application, we request test accounts for each user role and, if applicable, for different tenants. Of course, during a penetration test we also test for typical attacks such as injection and XSS.

More about Web Application Pentesting

API Pentesting

We perform penetration tests of APIs and regularly test REST APIs and XML APIs, for example. An API can be examined for vulnerabilities both as an independent test object in a penetration test and in combination with a front end. We usually ask for some kind of API documentation or a description of the API's complexity during the offer process, in order to assess the time required for the penetration test. If a web application is using an API, we can also determine the available endpoints of the API as part of a penetration test. Typical API security vulnerabilities are, for example, input validation errors or inadequate authorization management.

More about API Pentesting

Network pentesting

In a penetration test against networks, the first step is to identify active IT systems and their services. Then the actual work begins - the search for vulnerabilities in the network. The test steps during a network penetration test cover a wide spectrum, since an IT infrastructure can consist of different services. Outdated software or misconfigurations are just two of many causes behind a security gap in a network.

More about Network pentesting

Medical Devices pentesting

We conduct penetration tests in order to comply with the Medical Device Regulation (MDR). The MDR requires verification and validation that medical products and software are secure. The Medical Device Coordination Group states in its guidance document on cybersecurity for medical devices that the primary means of security verification and validation is testing.

More about Medical Devices pentesting

Android App Pentesting

We perform penetration testing of Android apps. In case the application is not available through the Google Play Store or you would like to have a different version tested, you need to send us the APK. Besides installing your Android app on a regular smartphone, we also install it on a rooted Android phone in order to be able to access the internal data storage of the app, for example. We try to circumvent any protective controls such as an implemented root detection or HTTP public key pinning, in order to get full control of the Android app's communication. Unless otherwise requested, we also include the connected API for an app in our penetration test.

More about Android App Pentesting

iOS App Pentesting

We perform penetration testing of iOS mobile apps. In case the application is not available through the App Store or you would like to have a different version tested, you need to send us the IPA. Besides installing your iOS app on a regular iPhone, we also install it on a jailbroken iPhone in order to be able to access the internal data storage of the app, for example. We try to circumvent any protective controls such as an implemented jailbreak detection or HTTP public key pinning, in order to get full control of the iOS app's communication. Unless otherwise requested, we also include the connected API for an app in our penetration test.

More about iOS App Pentesting

How-To Get a Pentest Offer

Get in touch

Get in touch with us, preferably by using our contact form.

Let's talk

We will get back to you shortly to either schedule a call or provide more information via e-mail.

Receive the offer

Once we understand the scope and your requirements, we compile a comprehensive pentest offer and send it to you.

Sign it

If everything is fine, you can sign the last page of our offer; otherwise we discuss any necessary adjustments.

Kick-Off and Planning

Now we plan the pentest: we agree on the execution period and schedule a kick-off call if necessary.

Executing the Penetration Test

We conduct the penetration test. We typically require a technical contact whom we can call or e-mail if we have any questions.

Reporting

We compile the pentest report and send it to you.

Re-Testing

We do the re-testing free of charge if it can be done remotely.

Talk now to our Pentest experts.

Patrick Sauer, CEO
OSCP, M.Sc. Security Management

Frequently Asked Questions

A penetration test (often called pentest for short) is a controlled, planned and authorized attack on IT systems, applications or networks to identify vulnerabilities before real attackers can find and exploit them.

Company

binsec GmbH
Solmsstraße 41
60486 Frankfurt am Main
Germany

Legal notice

Director: Patrick Sauer
Authorised Officer: Florian Zavatzki, Dominik Sauer
Registration: Frankfurt am Main, HRB97277
Turnover Tax Identification No.: DE290966808

© 2025 All rights reserved by binsec GmbH.
