Have your web apps, business applications or mobile apps checked for potential vulnerabilities. By their very nature, applications are designed to be user-friendly, and their functionality is often prioritized at the expense of security. Cybercriminals are aware of this and exploit it to their advantage. With our tests and reviews, we help you identify vulnerabilities in applications so that they can be mitigated.
Your web applications and their authentication methods, role concepts, application logics, and input validations are tested extensively to uncover potential vulnerabilities, including through reverse engineering. The tests are based on the OWASP Top 10 risks as well as the Application Security Verification Standard (ASVS), systematically checking all other security aspects of web apps. In addition to the actual end-user web interface, a web application penetration test can also assess underlying components such as web servers, Content Management Systems (CMS), application servers, or associated databases.
Web services and APIs (Application Programming Interface) make up the basic framework of many applications. They enable seamless integration and communication between different systems and services. This central role also harbours risks, especially as they are not generally visible via a web browser like websites.
A web service penetration test inspects the authentication and the authorization and checks for misconfigurations, excessive disclosure of data and insufficient API rate limiting. Manual and automated test methods based on the OWASP Application Security Verification Standard (ASVS) are used to identify vulnerabilities in the web service or API.
Security analyses of your client/server applications are particularly important, as attacks by cybercriminals can be carried out “from the inside” via already compromised internal systems. The importance of such tests for internal applications is often underestimated, which can lead to a false sense of security.
In addition to authentication, authorization and encryption, application penetration tests also check the security-relevant error handling of user interactions and much more. Reverse engineering, in particular decompiling, is also part of the process.
Mobile application penetration tests check the security of your iOS or Android app. Automated and manual tests are carried out to identify potential vulnerabilities, misconfigurations and logical errors. In addition, we analyze the data traffic, the accessible backend servers and the associated risks of man-in-the-middle attacks. The tests are carried out in accordance with recognized standards such as the OWASP Mobile Application Security Verification Standard (MASVS) and the Open Source Security Testing Methodology Manual (OSSTMM) to ensure the highest possible security.
A code review is a complementary perspective to a penetration test, in which the source code of your application is analyzed in depth to look for potential security gaps, vulnerabilities, misconfigurations, backdoors and more, in order to optimize the security of your environment.
Automatic tests as well as static and dynamic analyses and dependency checks are carried out, along with manual checks of the source code. This is done in accordance with current standards such as the OWASP Application Security Verification Standard (ASVS), the OWASP Code Review Guide and the Open Source Security Testing Methodology Manual (OSSTMM).
Have your applications tested by the Oneconsult Application Testing Services and find out where you stand in comparison to other companies. The documented and prioritized findings and recommendations will give you a clear view and allow you to begin closing vulnerabilities and minimizing threats before they are exploited by cybercriminals.
Don’t miss anything! Subscribe to our free newsletter.
Availability Monday to Friday 8:00 a.m. – 6:00 p.m (exception: customers with SLA – please call the 24/7 IRR emergency number).
Private individuals please contact your trusted IT service provider or the local police station.
For more information about our DFIR services here:
