Penetration Tests

Modern web applications offer the added value of almost unlimited functionalities with simultaneous platform independence. Due to their great complexity and the often critical data they process, web applications are still often a gateway for serious cyber security incidents.

The penetration test of a web application comprises the following test components, depending on the chosen approach:

• Security check of the web application according to the OWASP Web Security Testing Guide (WSTG) and identification of typical web vulnerabilities of the OWASP Top 10
• Examination of associated API / web services and identification of typical API vulnerabilities of the OWASP API Top 10
• Examination of the role and authorization concept
• Source code analysis
• Penetration test of the underlying web server infrastructure
• Testing of connected systems such as backend database servers

Native Application Penetration Testing

Native desktop applications for Windows, MacOS or Linux often map important business processes in companies. Due to the criticality of the processed data, as well as the communication with other systems, these applications offer attackers opportunities to extend rights, eavesdrop on communication and even completely take over the underlying system.

The penetration test of a native application comprises the following test components, depending on the chosen approach:

• Security check of the application and identification of application based vulnerabilities like SQL-Injection, DLL-Hijacking and hardcoded sensitive information
• Static/Dynamic Source Code Analysis
• Reverse Engineering
• Traffic Analysis
• Testing of connected systems such as server applications and backend database servers

Mobile Application Penetration Testing

In today’s digital age, mobile applications are an integral to our daily lives, offering unparalleled convenience and functionality across various platforms. However, this widespread use and the sensitive information they often handle make mobile applications a prime target for cyber security threats.

Our testing methodology is incorporating industry standards and best practices to ensure the highest level of security. The service includes:

• Security assessment of the mobile application based on the OWASP Mobile Security Testing Guide (MSTG), pinpointing common vulnerabilities listed in the OWASP Mobile Top 10.
• Thorough examination of associated APIs and web services to identify prevalent API vulnerabilities, adhering to the OWASP API Security Top 10.
• Evaluation of the application’s authentication, authorization, and session management mechanisms to uncover potential weaknesses.
• Static and dynamic analysis of the mobile application’s source code to detect security flaws and ensure that best coding practices are followed.
• Penetration testing of the mobile application environment, including the examination of the application on different devices and operating systems to identify platform-specific vulnerabilities.
• Examination of external components that are integrated into the mobile application, such as backend servers and databases.