Security Testing

Industrial espionage, sabotage, blackmail: there are many motives for attacks on IT systems. Increased mobile access via smartphones and tablets is creating more and more new ways of attacking confidential and valuable data. Today’s system environments are becoming increasingly complex. This makes it harder than ever to protect company-wide IT systems. A single weak point in your IT security is enough to leave the system open to attack – which could mean the loss of sensitive data. Active and continuously enhanced protection against attacks is therefore essential. This is equally true of software, application and network security. Our security experts detect risks in your IT systems and raise the level of your IT security in a systematic and lasting way.

Security analysis of your IT system

When it comes to security, preventive measures are the first step. So we start by determining the current level of security and identifying potential weaknesses in your applications, system infrastructure and IT processes. We examine applications and infrastructures using both static application security tests (SASTs) and dynamic application security tests (DASTs). These tests enable us to simulate attacks on test or production systems, in order to identify security risks.


Challenges to your IT security


We can also help you to eliminate any security loopholes in an effective and lasting way. However, occasional or one-off analyses cannot offer 100% protection for IT systems. This is because technologies are constantly developing, while the systems and tools available to attackers are becoming more powerful. Moreover, even very minor changes to the overall structure of your IT environment or failure to apply necessary system changes can open up new windows for attack.

Lasting protection with IT security tests

Our security experts know that: In the long term, adopting a systematic approach to attack situations is vital for a high level of security. This may mean drawing up threat scenarios or designing secure applications and architectures – we will help with development, implementation and maintenance. Our IT security tests are always based on up-to-date risk scenarios. This enables us to provide targeted end-to-end protection for your applications.

Security Testing: an overview of our services

We assess your applications, by analyzing requirements, architecture and source code
Dynamic tests detect security gaps, e.g. by automated testing of interfaces
Penetration testing of applications and IT infrastructure
Training for developers in secure software development
Preparation of mandatory concepts for secure application development
Evaluation and adjustment of suitable tools
Definition of processes, information flows and how results are presented 
Establishment of a semi or fully-automated quality gate for the technical acceptance of software 

Assistance with the definition of IT Security Management systems (ITSMS), e.g. in compliance with ISO 27000 or BSI Baseline Protection