EN / DE
  SECURITY ASSESSMENT · IT & OT

Know where you are exposed.

Structured security assessments and penetration tests for web applications, APIs, infrastructure and industrial control. We test from an attacker's perspective, with clear authorization and a report your team can act on immediately.

01 Approach

Based on recognized frameworks.

Every assessment uses the OWASP Web Security Testing Guide and PTES. It is carried out only after written authorization. Findings are scored with CVSS, classified by CWE and mapped to the OWASP Top 10, so results stay comparable and traceable.

Attacker's perspective

We think in real attack chains and test what can actually be abused.

Authorized & scoped

Scope, time window and escalation paths are agreed up front. No testing without clear sign-off.

Scored & classified

CVSS score, CWE classification and OWASP mapping for every finding, backed by reproducible evidence.

Non-disruptive

Rate-limited, with no data exfiltration and no denial of service. We stop at the controlled proof.

02 Test depth

Black, gray, or white box.

How much we know up front shapes what a test can find. We agree the level of knowledge with you, from a pure outside view to full insight into code and architecture.

Black box

No prior knowledge, no credentials. We start like an external attacker and show what is actually reachable and exploitable from the outside.

Gray box

With a user account and basic information: the view of a logged-in user or insider. The efficient middle ground between realism and coverage.

White box

We receive source code, architecture, configuration, and credentials. The additional context broadens test coverage and surfaces issues that black-box testing can leave hidden.

Which depth?

We choose the perspective by goal, risk, and budget. We combine them when both a realistic attacker's view and broader internal coverage are useful.

03 Process

What gets tested.

From reconnaissance of the attack surface to the analysis of connected attack chains: each phase builds on the one before it.

Reconnaissance

Map the attack surface: subdomains, exposed services, ports, technology stack and historical artifacts.

Asset discovery

Surface directories, forgotten endpoints, backup and config files, and the logic hidden in JavaScript.

Vulnerability scanning

Automated checks for known CVEs, missing security headers and weak TLS configuration.

Web application testing

Manual testing against the OWASP Top 10: injection, cross-site scripting, CSRF and logic flaws.

Authentication & access

Session handling, token lifecycle, brute-force protection and authorization boundaries (IDOR, privilege escalation).

API security

Endpoint enumeration, method testing, authentication bypass and object access across web and mobile backends.

Infrastructure & OT boundary

TLS and certificate review, version disclosure, and the separation between the IT network and industrial control.

Attack-chain analysis

We combine individual findings into realistic scenarios that connect initial access with potential business impact.

04 Report

What you receive.

One document for two audiences: a summary for management and a technically rigorous findings section your team can act on right away.

  1. /01

    Executive summary

    The risk picture in plain language: what was found, how critical it is and what it means for the business.

  2. /02

    Risk matrix

    All findings ranked by severity and likelihood, with a CVSS score for every entry.

  3. /03

    Prioritized findings with evidence

    Every weakness verified, with reproduction steps and proof of impact.

  4. /04

    Root-cause analysis

    The recurring patterns behind individual findings, so you can fix the causes.

  5. /05

    Remediation roadmap

    Concrete actions grouped into immediate, short-term, and medium-term work. Your team can start right away.

Authorized

Only after written sign-off and strictly within the agreed scope.

Non-disruptive

Rate-limited and free of denial of service. Tests stop at proof.

Confidential

No data exfiltration. Findings and data stay strictly confidential.

Traceable

Every finding is reproducible and backed by evidence. The documentation is audit-ready.

05 / Inquire Direct

Have it tested before someone else does.

Tell us briefly about your systems and your goal. We'll propose a fitting scope and process.