Approach
Standards
A standardized procedure ensures constant quality during our assessments.
For our tests, we use a standardized procedure, which is extended with custom checklists and testing steps. As a foundation for our security assessments we use recognized standards of well-known organisations, such as OWASP.
Nevertheless, every penetration test is individual, and the test target needs to be assessed based on the infrastructural components in use, as well as the unique software deployed. The combination of a standardized procedure with individual testing steps ensures a high success rate in the identification of vulnerabilities.
KEY FACTS
Offensive Security Certified Professional
We only engage testers with OSCP certification for our penetration tests. This ensures high technical competence and the quality of our work.
OWASP TOP 10
For the assessment of web applications we use the well-known OWASP TOP 10 standard. This standard includes a broad collection of the most critical security risks for web applications and comprises detailed test methods.
Individual checklists & testing steps
Besides industry-approved standards, we additionally use self-developed checklists and testing steps. These are based on the experience of our pentesters from completed client engagements, as well as newly developed approaches.
OWASP API Security TOP 10
For the assessment of API interfaces we use the well-known OWASP API Security project. The API Security TOP 10 gives a broad overview of the most critical security risks for API services and includes detailed testing guides.
Detailed Quality Assurance
All our documents, such as offers and final reports, go through a structured quality assurance process. Reviews are conducted according to the four-eyes principle with a second pentester.
NIST, CIS and Manufacturer Guidelines
Our approach, as well as our recommendations, is based on manufacturer guidelines and the publications of recognized institutions such as NIST and the Center for Internet Security (CIS).
Frequent questions regarding penetration tests (FAQ)
Do you offer standard X or qualification Y?
Should your project requirements include special standards or qualifications that are not listed on our homepage, we likely do not offer them. Feel free to contact us and we will discuss whether your requirements can be fulfilled.
All our penetration testers are OSCP-certified and have passed a 24-hour practical hacking exam with real scenarios. Should your qualitative requirements be below OSCP level, we recommend raising them to the OSCP standard. Inferior certifications often use theoretical skill tests (e.g., multiple-choice questions). For the technical assessment in penetration tests we assign employees with practical hacking skills who also have a theoretical foundation.