Pentesting of DICOM software

As an international standard for medical imaging and image communication, DICOM defines the formats for medical images and ensures that they can be exchanged with the required data and in the required quality for clinical use.

DICOM technically defines the file format and the network protocol. The file format is designed to store medical images and patient data. It may contain data from different imaging modalities, such as radiography, ultrasonography and computed tomography. It usually contains a lot of metadata (e.g. patient data). The network protocol 104/tcp is a a client-server protocol used to transfer medical images. It is frequently used to integrate medical imaging devices and Picture Archiving and Communication Systems (PACS).

During the penetration test we for example check if the medical data is transmitted unencrypted, how CVE-2019-11687 is mitigated and are going to fuzz the DICOM API using our python dicom fuzzing library.

back to projects

How often should a penetration test be conducted?

What are the benefits of a penetration test for an organization?

Why binsec finds more findings than others?

What data protection regulations are necessary for a penetration test?

Where and how is penetration test data processed?

Talk now
to our
Pentest experts.

Contact us
Patrick Sauer, OSCP, M.Sc. Security Management
Patrick Sauer, CEO
OSCP, M.Sc. Security Management

Talk now to our Pentest experts.

Patrick Sauer, CEO
Patrick Sauer, CEO
OSCP, M.Sc. Security Management
Contact us

German Penetration Testing Services for Payment, Healthcare, and Complex System Environments

As the original penetration testing entity, binsec GmbH forms the operational foundation of binsec group GmbH. Since 2013, our permanently employed, highly certified experts (including OSCP, OSCE) have been conducting professional penetration tests based on international standards. With this extensive operational experience in the payment, banking, and healthcare sectors, we assess your business-critical systems from the perspective of advanced attackers.

Specializing in manual analysis, we clearly distinguish our services from automated vulnerability scans: Decisive security vulnerabilities are identified through structured manual analysis. This methodological expertise is also directly integrated into practical pentest training labs via binsec academy GmbH. We tailor the approach precisely to your threat model, utilizing efficient grey-box analysis for maximum transparency and depth. As a result, you receive an audit-ready final report with a clear risk assessment and actionable remediation recommendations.

Request a quote
binsec penetration testing anbieter group academy

Pentest Knowledge and Tools

binsec.tools logo

Free pentest tools for your security analysis.

Pentest Tools
binsec.wiki logo

Take a look at our wiki page about pentesting.

Pentest WIKI
binsec FAQ logo

Straight answers to common pentesting questions.

Pentest FAQ
binsec news logo

News about pentesting and the binsec universe.

Pentest News

Company

binsec GmbH
Clemensstraße 6-8
60487 Frankfurt am Main
Germany

Contact

info@binsec.com

+49 692475607-0

Legal notice

Director: Patrick Sauer
Authorised Officer: Florian Zavatzki, Dominik Sauer
Registration: Frankfurt am Main, HRB97277
Turnover Tax Identification No.: DE290966808

© 2026 binsec GmbH. The operative core enterprise of the binsec group.

Privacy Notice

© 2026 All rights reserved by binsec GmbH.

Privacy Notice