Finding vulnerabilities

Applications which have been integrated in your business processes, or which perform special tasks, are commonly developed natively. These applications are usually subject to increased security requirements, as they often perform critical functions. We audit byte-code, Java, .NET, native Linux or Windows (x86 and x64) applications.

What we test

For rich-clients it is particularly necessary to adjust the testing approach for each application. We ensure that your application securely communicates over the network and important basic functions, as the authentication or the authorization management are correctly implemented. Furthermore, we test for platform specific vulnerabilities, such as buffer overflows on native applications.

Our approach

In the first step, you receive a detailed checklist with requirements we have for the assessment. With the start of the audit, we have a joint preliminary discussion, to clarify details and to become familiar with the application. We start the penetration test immediately afterwards. We utilize a checklist to ensure that no important subject is missed. We also implement a more creative part, where the auditor is testing freely. We document the results in a detailed report, which is addressed in a concluding discussion.

What you can expect

You receive a detailed report with the identified vulnerabilities from us. We extensively explain the criticality of the vulnerabilities and what impact they have on you effectively. We provide you with all the means to reproduce the found vulnerabilities yourself. Furthermore, we include specific instructions on how to sustainably remedy the vulnerabilities. You receive the report within one week in advance of our concluding discussion, allowing you to read it carefully and prepare any open questions. Naturally, we are available for any ensuing requests as well.