Penetration Test
Penetration Test
Application penetration test, code review, reverse engineering, ethical hacking and APT test against cyber threats
Proactively protect your web shop, internet banking platform, mobile app, ICS (SCADA / DCS), IoT device or IT infrastructure via penetration test, code review, reverse engineering or APT test by our certified penetration testers and security researchers.
ISO 27001 Security Audit
ISO 27001 Security Audit
ISO-compliant assessment of your information security landscape
Analyze and benchmark your information security level based on international standards (ISO 27001, ISO 27002, SANS 20, IEC 62443, NERC CIP, etc.) to plan your IT budget for security mitigation measures.
Digital Forensics & Incident Response
Digital Forensics & Incident Response
Fast, professional reaction to cyber attacks and unwanted digital activities plus court-proof investigation
Respond effectively to malware infection, hacker attack, fraud, data theft and other criminal or unwanted digital activities with the support of our certified DFIR experts.

Project execution still guaranteed despite COVID-19

Dear customers and interested parties,

Despite the current developments regarding COVID-19, Oneconsult is able to carry out all projects without any loss of quality and without delays. We have already taken the technical and organizational measures years ago to guarantee you the usual high service quality even in this exceptional situation.

Oneconsult adheres to the specifications of the governments of Switzerland and Germany. As in most companies with the corresponding possibilities, the majority of our employees have been working from their home office since the beginning of March. Video and telephone conferences take place via our own or your preferred system. If desired, we can also continue to conduct on-site tests. As always, the data is stored encrypted.

Our digital forensics & incident response team is also on duty for you in this situation around the clock. Thus you continue to receive the usual Oneconsult service.

We will be happy to answer your questions at: info@oneconsult.com or +41 43 377 22 22

Kind regards

Christoph Baumgartner (CEO), Tobias Ellenberger (COO), Tobias Castagna (CTO) and Jan Alsenz (CRO)


Oneconsult group is your renowned Swiss cyber security services partner since 2003 with offices in Switzerland and Germany and 2000+ completed security projects worldwide. Get expert advice from an owner-managed and vendor-independent consultancy with 40+ highly qualified cyber security experts, including certified ethical hackers / penetration testers (OPST, OPSA, OSCP, OSCE, GXPN), digital forensics specialists (GCFA, GCFE, GREM, GNFA), ISO security auditors (ISO 27001 Lead Auditor, ISO 27005 Risk Manager, ISO 27035 Incident Manager) and dedicated IT security researchers to solve even your most demanding information security challenges. Together we address your external and internal threats such as malware infections, hacker attacks and APT as well as digital fraud and data leakage with core services like penetration tests / ethical hacking, real-life APT tests and ISO 27001 security audits. In case of emergency, Oneconsult’s Digital Forensics & Incident Response (DFIR) team supports you with around-the-clock expert assistance (24 h x 365 days).

Events

29 September 2020: DiMitEx – Attacks Against MS Teams and Office 365 Explained by a Hacker

Join Philipp Gamper, Digital Forensics & Incident Response Specialist, in his webinar “Explained by a hacker: MS Teams and Office 365 as new targets for cyber criminals” (in German) to learn more about possible attacks against MS Teams and Office 365 and how to protect yourself against such attacks.

The webinar will take place on 29 September 2020 from 08:50 bis 09:30 as part of the DiMitEx.

For more information and registration see the DiMitEx website.

22–24 September 2020: Stralsund IT Security Conference

“OWASP API Security Top 10 – How APIs Are Attacked and How to Develop Securely”: Frank Ully, Senior Penetration Tester & Security Consultant, will present the most important risks for APIs and possible attacks against APIs at the Stralsund IT Security Conference, which takes place from 22 to 24 September 2020.

The Stralsund IT Security Conference will be held as a virtual event this year.
Frank Ully’s talk is scheduled for 22 September 2020 from 18:00 to 19:00.

Please see the Stralsund IT Security Conference website for further information.

News & Advisories

Beyond OWASP Top 10 – Lesser known vulnerabilities in web applications and APIs

Even if fundamental security risks such as cross-site scripting (XSS) or SQL injections are mitigated during application development, web applications and interfaces are susceptible to vulnerabilities.

In Java aktuell 01/2020, Senior Penetration Tester & Security Consultant Frank Ully writes about lesser known types of vulnerabilties in web applications and APIs (PDF; in German).

Dos and Don’ts der Incident-Response

by Christoph Baumgartner & Tobias Ellenberger

Unfortunately, security incidents cannot always be avoided. To make sure you don’t get caught in the cold, this article published in the German magazine <kes> gives you practical tips: https://www.kes.info/archiv/leseproben/2019/incident-response/

Pen Tester's Diary

How the MITRE ATT&CK Framework Helps You Make Your Business More Secure

by Yves Kraft

The MITRE ATT&CK framework is regularly mentioned, especially when it comes to the analysis of cyber intrusions. But what exactly is ATT&CK and why should you learn more about it?
[read the German article]

Signing Office Macros and PowerShell Scripts – Part 2: Peculiarities of Dealing With Signed Code

by Marco Wohler

The first part of this article explained how to use policies to restrict macros and PowerShell scripts so that only signed code is executed.

In the second part, the peculiarities of dealing with signed code are described in more detail.
[read the German article]

Our customers value our expertise and vast project experience of over

0

Penetration test projects, over 1100 of which OSSTMM-compliant

0

Application penetration test projects of banking solutions, online shops, mobile apps, ICS (SCADA/DCS), IoT devices, ERP and CRM solutions, CMS, VoIP systems, etc.

0

Security auditse.g. according to ISO 27001, ISO 27002, industry specific guidelines (ISO 27015, 27019, 27799, etc.) or SANS Critical Security Controls

Methods and Standards

Our approach is customized to meet our clients’ specific needs as well as based on «best practice». In addition to our own methods, we also rely on industry-proven standards.

Holding

Oneconsult International AG
Schuetzenstrasse 1
8800 Thalwil
Switzerland

+41 43 377 22 22
info@oneconsult.com

Switzerland

Headquarters
Oneconsult AG
Schuetzenstrasse 1
8800 Thalwil
Switzerland

+41 43 377 22 22
info@oneconsult.com

Oneconsult AG
Baerenplatz 7
3011 Bern
Switzerland

+41 31 327 15 15
info@oneconsult.com

Germany

Oneconsult Deutschland GmbH
Agnes-Pockels-Bogen 1
80992 Munich
Germany

+49 89 248820 600
info@oneconsult.com