Penetration Test

Application penetration test, code review, reverse engineering, ethical hacking and APT test against cyber threats

Proactively protect your web shop, internet banking platform, mobile app, ICS (SCADA / DCS), IoT device or IT infrastructure via penetration test, code review, reverse engineering or APT test by our certified penetration testers and security researchers.

ISO 27001 Security Audit

ISO-compliant assessment of your information security landscape

Analyze and benchmark your information security level based on international standards (ISO 27001, ISO 27002, SANS 20, IEC 62443, NERC CIP, etc.) to plan your IT budget for security mitigation measures.

Digital Forensics & Incident Response

Fast, professional reaction to cyber attacks and unwanted digital activities plus court-proof investigation

Respond effectively to malware infection, hacker attack, fraud, data theft and other criminal or unwanted digital activities with the support of our certified DFIR experts.

Security consulting

Security training

Security Officer Services

Oneconsult group is your renowned Swiss cyber security services partner since 2003 with offices in Switzerland and Germany and 1600+ completed security projects worldwide. Get expert advice from an owner-managed and vendor-independent consultancy with 40+ highly qualified cyber security experts, including certified ethical hackers / penetration testers (OPST, OPSA, OSCP, OSCE, GXPN), digital forensics specialists (GCFA, GCFE, GREM), ISO security auditors (ISO 27001 Lead Auditor, ISO 27005 Risk Manager, ISO 27035 Incident Manager) and dedicated IT security researchers to solve even your most demanding information security challenges. Together we address your external and internal threats such as malware infections, hacker attacks and APT as well as digital fraud and data leakage with core services like penetration tests / ethical hacking, real-life APT tests and ISO 27001 security audits. In case of emergency, Oneconsult’s Digital Forensics & Incident Response (DFIR) team supports you with around-the-clock expert assistance (24 h x 365 days).

Events

05-Apr-19

01.07.2019 / (IoT) Safety & Security - Challenges in the Embedded Market in München

Presentation: “How (not) to trust your devices” by Senior Penetration Tester, IT-Forensiker & Security Researcher Rafael Scheel.

05-Apr-19

22.05.19 / IT-Sicherheitskongress of BSI in Bonn

Presentation about “PowerShell in der Post Exploitation – Grundlagen, Angriffe, Forensik, Verteidigung”. Speaker: Senior Penetration Tester & Security Consultant Frank Ully.

News & Advisories

05-Jun-19

Article "Attack on contactless cards" in the program "Kassensturz"

Our IT security experts Jan Alsenz & Adrian von Arx have conducted an exciting hacking experiment: Attack on contactless cards. The experiment was broadcasted in the program “Kassensturz”. Click here to see the article: https://www.srf.ch/play/tv/sendung/kassensturz?id=78a6014e-8058-4bdd-88aa-824f846ca6f0 (1:16 min – 9:00 min)

03-Jun-19

Excellence in Compliance

Tobias Ellenberger, COO of Oneconsult AG speaks about “Cyber Risks and Incident Response – With Compliance to Responsiveness” at this year’s Excellence in Compliance event on June 6, 2019 in Zurich.

More information: https://www.zhaw.ch/de/sml/institute-zentren/zwh/tagungen/excellence-in-compliance/

Pen Tester's Diary

13-Jun-19

(In)secure passwords – Part 1: Paradigm shift in password policies

by Sandro Affentranger

This is the first instalment in a two-part series about passwords. Passwords have become indispensable these days. For a long time the recommendation was to make passwords as complex as possible – but lately this has changed: “Long instead of complex” is the new motto. This article introduces the topic and explains why passwords play such an important role. It discusses the risks associated with having passwords fall into the wrong hands, and identifies possible measures to assess and mitigate these risks. [read the German article]

27-May-19

OWASP IoT Top 10 - Part 1

by Jakob Kunzmann

This is the first of two articles presenting the OWASP Top 10 on the Internet of Things, a list of the top ten security risks in IoT, published by the Open Web Application Security Project (OWASP). In this article, the technical aspects of IoT risks are described and, if possible, prominent cases in which they have been exploited are highlighted. If applicable examples exist, the focus will be on malware or attacks for industrial IoT applications. [read the German article]

Our customers value our expertise and vast project experience of over

Penetration test projects, over 850 of which OSSTMM-compliant

Application penetration test projects of banking solutions, online shops, mobile apps, ICS (SCADA/DCS), IoT devices, ERP and CRM solutions, CMS, VoIP systems, etc.

Security audits, e.g. according to ISO 27001, ISO 27002, industry specific guidelines (ISO 27015, 27019, 27799, etc.) or SANS Critical Security Controls

Digital Forensics & Incident Response (DFIR) projects

Methods and Standards

Our approach is customized to meet our clients’ specific needs as well as based on «best practice». In addition to our own methods, we also rely on industry-proven standards.

OSSTMM – Open Source Security Testing Methodology Manual

OWASP – Open Web Application Security Project

ISO 27001 – Information Security Management System (ISMS)

Holding

Oneconsult International AG
Schuetzenstrasse 1
8800 Thalwil
Switzerland

Tel +41 43 377 22 66
Fax +41 43 377 22 77
info@oneconsult.com

Switzerland

Headquarters
Oneconsult AG
Schuetzenstrasse 1
8800 Thalwil
Switzerland

Tel +41 43 377 22 22
Fax +41 43 377 22 77
info@oneconsult.com

Oneconsult AG
Baerenplatz 7
3011 Bern
Switzerland

Tel +41 31 327 15 15
Fax +41 31 327 15 25
info@oneconsult.com

Germany

Oneconsult Deutschland GmbH
Agnes-Pockels-Bogen 1
80992 Munich
Germany

Tel +49 89 248820 600
Fax +49 89 248820 677
info@oneconsult.com