Penetration Test
Application penetration test, code review, reverse engineering, ethical hacking and APT test against cyber threats
Proactively protect your web shop, internet banking platform, mobile app, ICS (SCADA / DCS), IoT device or IT infrastructure via penetration test, code review, reverse engineering or APT test by our certified penetration testers and security researchers.
ISO 27001 Security Audit
ISO-compliant assessment of your information security landscape
Analyze and benchmark your information security level based on international standards (ISO 27001, ISO 27002, SANS 20, IEC 62443, NERC CIP, etc.) to plan your IT budget for security mitigation measures.
Digital Forensics & Incident Response
Fast, professional reaction to cyber attacks and unwanted digital activities plus court-proof investigation
Respond effectively to malware infection, hacker attack, fraud, data theft and other criminal or unwanted digital activities with the support of our certified DFIR experts.

Oneconsult group is your renowned Swiss cyber security services partner since 2003 with offices in Switzerland and Germany and 2000+ completed security projects worldwide. Get expert advice from an owner-managed and vendor-independent consultancy with 40+ highly qualified cyber security experts, including certified ethical hackers / penetration testers (OPST, OPSA, OSCP, OSCE, GXPN), digital forensics specialists (GCFA, GCFE, GREM, GNFA), ISO security auditors (ISO 27001 Lead Auditor, ISO 27005 Risk Manager, ISO 27035 Incident Manager) and dedicated IT security researchers to solve even your most demanding information security challenges. Together we address your external and internal threats such as malware infections, hacker attacks and APT as well as digital fraud and data leakage with core services like penetration tests / ethical hacking, real-life APT tests and ISO 27001 security audits. In case of emergency, Oneconsult’s Digital Forensics & Incident Response (DFIR) team supports you with around-the-clock expert assistance (24 h x 365 days).

Events

01 July 2021: Developer Week '21 – Expert Talk About OWASP Top 10

At this year’s Developer Week, which will take place from 28 June to 2 July 2021 as a remote conference, Frank Ully, CTO Oneconsult Deutschland GmbH and Senior Penetration Tester & Security Consultant, will talk about the OWASP Top Ten: possible attacks on web applications and their causes, which measures you can use to protect your applications against such attacks and why it is essential to consider them already during development – and not only at a later stage.

30 June 2021: Digicomp Hacking Day 2021

At this year’s Hacking Day, which is themed “Attack Targets 2021 – Do You Know Where Your Risk Lies?”, you can learn more about current cyber threats from experienced cyber security experts in a variety of presentations and live hacking workshops, and learn about strategies to protect yourself against potential attacks. Among the speakers will be Yves Kraft, Branch Manager Bern and Senior Penetration Tester & Security Consultant, with a live hacking workshop called “Hackademy Advanced: Cyber Attacks & Defense”.

The Hacking Day 2021 will be held as an online event on Wednesday, 30 June 2021.

The agenda with further details and registration are available on the Digicomp website.

News & Advisories

One Step Ahead of the Cybercriminals – Article for SMEs in "Applica" Magazine

Small and medium-sized enterprises (SMEs) are a popular target for cybercriminals. In the current issue 07/2021 of Applica (available in German only), a magazine issued by the Swiss Painting and Plastering Contractor Association (SMGV), Tobias Ellenberger, COO Oneconsult AG & Vice Chairman Oneconsult International AG, provides an insight into the background and frequent attack methods and details protective measures for SMEs – as the impact of a successful cyber attack can be devastating.

New iX With Two Cover Topics From Oneconsult DFIR Team

The current issue 08/2021 of iX magazine features two cover topics from Oneconsult’s DFIR team (Digital Forensics & Incident Response): In part 10 of the Active Directory article series, Fabian Murer, Senior Digital Forensics & Incident Response Specialist, explains how logs efficiently complement hardening measures, which have already been implemented, to detect potential attacks in a timely manner. Moreover, Gregor Wegberg, Head of Digital Forensics & Incident Response, continues his IT forensics tutorial series and demonstrates how “Kroll Artifact Parser and Extractor” (KAPE), which has been introduced in the first article of the tutorial, can be used to analyse Autoruns artefacts in order to determine whether an attacker or malware has gained persistence on a system after a successful attack.

Pen Tester's Diary

OWASP IoTGoat – Deliberately Insecure IoT Firmware

by Jakob Kunzmann

IoTGoat is intentionally vulnerable software, like that found on routers for example. Included are the most common vulnerabilities of IoT devices. The project serves to raise awareness of these vulnerabilities in order to make future generations of IoT devices and networks more secure. This article introduces both the project in general and some of the vulnerabilities.
[read the German article]

How to Store Passwords Securely

by Sandro Affentranger

Data leaks – incidents in which unauthorized persons have gained access to data collections – occur from time to time. To prevent user passwords from being compromised in such a case, it is important that they are not simply stored in plain text. Instead, they should always be stored “hashed”. This article looks at which hash functions are suitable for this purpose.
[read the German article]

Our customers value our expertise and vast project experience of over

0

Penetration test projects, over 1100 of which OSSTMM-compliant

0

Application penetration test projects of banking solutions, online shops, mobile apps, ICS (SCADA/DCS), IoT devices, ERP and CRM solutions, CMS, VoIP systems, etc.

0

Security audits, e.g. according to ISO 27001, ISO 27002, industry specific guidelines (ISO 27015, 27019, 27799, etc.) or SANS Critical Security Controls

Methods and Standards

Our approach is customized to meet our clients’ specific needs as well as based on «best practice». In addition to our own methods, we also rely on industry-proven standards.

Holding

Oneconsult International AG
Schuetzenstrasse 1
8800 Thalwil
Switzerland

+41 43 377 22 22
info@oneconsult.com

Switzerland

Headquarters
Oneconsult AG
Schuetzenstrasse 1
8800 Thalwil
Switzerland

+41 43 377 22 22
info@oneconsult.com

Oneconsult AG
Aarbergergasse 56
3011 Bern
Switzerland

+41 31 327 15 15
info@oneconsult.com

Germany

Oneconsult Deutschland GmbH
Agnes-Pockels-Bogen 1
80992 Munich
Germany

+49 89 248820 600
info@oneconsult.com