Penetration Testing Company

We perform penetration test of web applications. The scope and complexity of a web application can range from a static web page to a multi-tenant application. This is also reflected in the number of pages in the OWASP Testing Guide, which summarizes test methods against web applications on several hundred pages. We pentest a web application both with and without credentials. In order to efficiently detect errors in the authorization management of the web application, we request test accounts for each user role and for different tenants if applicable. During a penetration test we also test for typical attacks like Injection and XSS, of course.

More about Web Application Pentesting

We perform penetration test of APIs and regulary test REST API and XML APIs for example. An API can be examined for vulnerabilities both as an independent test object in a penetration test and in combination with a front end. We usual ask for some kind of API documentation or a description of the APIs complexity during the offer process, in order to assess the required time for the penetration test. If a web appliucation is using an API, we also can determine the available endpoints of an API as part of a penetration test. Typical API security vulnerabilities are, for example, input validation errors or inadequate authorization management.

More about API Pentesting

In a penetration test against networks, the first step is to identify active IT systems and their services. Then the actual work begins - the search for vulnerabilities in the network. The test steps during a network penetration test are made up of a wide spectrum, since an IT infrastructure can consist of different services. Outdated software or misconfigurations are just two of many causes behind a security gap in a network.

More about Network pentesting

We conduct penetration test in order to comply with the Medical Device Regulation (MDR). The MDR requires verification and validation that medical products and software are secure. The Medical Device Coordination Group in its guidance document on cybersecurity for medical devices states, that the primary means of security verification and validation is testing.

More about Medical Devices pentesting

We perform penetration testing of Android apps. In case the application is not available through Google Play Store or you like to get a different version tested, you need to send us the APK. Besides installing your android app on a regular smartphone, it is also installed on a rooted android phone in order to be able to access the internal data storage of the app, for example. We try to circumvent any protective controls such as an implemented root detection or HTTP public key pinning, in order to get full control of the android app's communication. Unless otherwise requested, we also include the connected API for an app in our penetration test.

More about Android App Pentesting

We perform penetration testing of iOS mobile apps. In case the application is not available through app store or you like to get a different version tested, you need to send us the IPA. Besides installing your iOS app on a regular iPhone, it is also installed on a jailbreaked iPhone in order to be able to access the internal data storage of the app, for example. We try to circumvent any protective controls such as an implemented jailbreak detection or HTTP public key pinning, in order to get full control of the iOS app's communication. Unless otherwise requested, we also include the connected API for an app in our penetration test.

More about iOS App Pentesting