Approach

Standards

A standardized procedure ensures constant quality during our assessments.

For our tests, we use a standardized procedure, which is extended with custom checklists and testing steps. Our security assessments are based on established standards from renowned organizations such as OWASP and NIST.

Nevertheless, every penetration test is individual, and the test target needs to be assessed based on the infrastructural components in use as well as the unique software it runs. The combination of a standardized procedure with individual testing steps ensures a high success rate in the identification of vulnerabilities.

KEY FACTS

OSCP-certified Pentesters

Our penetration tests are conducted exclusively by our own experienced, OSCP-certified staff. This ensures a high level of expertise and practical security assessments.

Established Testing Methods & Standards

Our tests are based on recognized methodologies and standards from OWASP, NIST, and the Center for Internet Security (CIS), as well as established process models such as OSSTMM.

Web Application Security Testing

For web applications and APIs, we follow the OWASP Top 10 and the OWASP Web Security Testing Guide (WSTG). This ensures that we conduct structured and practical security assessments of modern web applications.

Mobile Application Security Testing

For mobile applications, we rely on established testing standards such as the OWASP Mobile Application Security Testing Guide (MASTG) and also focus on the apps’ backend communication, taking into account the OWASP API Security Top 10.

Detailed Quality Assurance

All reports, findings, and recommendations undergo a structured quality assurance process. Reviews are always conducted by a second qualified person in accordance with the dual-review principle.

Custom Checklists & Attack Scenarios

In addition to established industry standards, we use our own checklists and testing procedures, which are based on experience gained from real-world client projects, current attack techniques, and modern threat scenarios.

Standards and Qualifications

We follow recognized international standards for our pentest procedure.

Our penetration testers are highly qualified and hold several recognized hacking certifications.

Frequent questions regarding penetration tests (FAQ)

If your project requirements specify standards or qualifications that are not listed on our website, we may not be able to provide them. We would be happy to review your specific requirements and do our best to accommodate them, if possible.

Our penetration testers are OSCP-certified and have successfully completed a 24-hour hands-on hacking exam under real-world conditions. Our requirements are therefore not based solely on theoretical knowledge, as is common with many well-known multiple-choice certifications, but on a realistic blend of theory and practical experience.

Penetration tests make use of a wide range of standards and recommendations from OWASP, NIST, and the BSI. These typically cover customer requirements in full or, at the very least, provide a high degree of coverage within the recommended testing procedure.