Penetration Test

Application penetration test, code review, reverse engineering, ethical hacking and APT test against cyber threats

Proactively protect your web shop, internet banking platform, mobile app, ICS (SCADA / DCS), IoT device or IT infrastructure via penetration test, code review, reverse engineering or APT test by our certified penetration testers and security researchers.

ISO 27001 Security Audit

ISO-compliant assessment of your information security landscape

Analyze and benchmark your information security level based on international standards (ISO 27001, ISO 27002, SANS 20, IEC 62443, NERC CIP, etc.) to plan your IT budget for security mitigation measures.

Digital Forensics & Incident Response

Fast, professional reaction to cyber attacks and unwanted digital activities plus court-proof investigation

Respond effectively to malware infection, hacker attack, fraud, data theft and other criminal or unwanted digital activities with the support of our certified DFIR experts.

Security consulting

Security training

Security Officer Services

Project execution still guaranteed despite COVID-19

Dear customers and interested parties,

Despite the current developments regarding COVID-19, Oneconsult is able to carry out all projects without any loss of quality and without delays. We have already taken the technical and organizational measures years ago to guarantee you the usual high service quality even in this exceptional situation.

Oneconsult adheres to the specifications of the governments of Switzerland and Germany. As in most companies with the corresponding possibilities, the majority of our employees have been working from their home office since the beginning of March. Video and telephone conferences take place via our own or your preferred system. If desired, we can also continue to conduct on-site tests. As always, the data is stored encrypted.

Our digital forensics & incident response team is also on duty for you in this situation around the clock. Thus you continue to receive the usual Oneconsult service.

We will be happy to answer your questions at: info@oneconsult.com or +41 43 377 22 22

Kind regards

Christoph Baumgartner (CEO), Tobias Ellenberger (COO), Tobias Castagna (CTO) and Jan Alsenz (CRO)

Oneconsult group is your renowned Swiss cyber security services partner since 2003 with offices in Switzerland and Germany and 2000+ completed security projects worldwide. Get expert advice from an owner-managed and vendor-independent consultancy with 40+ highly qualified cyber security experts, including certified ethical hackers / penetration testers (OPST, OPSA, OSCP, OSCE, GXPN), digital forensics specialists (GCFA, GCFE, GREM, GNFA), ISO security auditors (ISO 27001 Lead Auditor, ISO 27005 Risk Manager, ISO 27035 Incident Manager) and dedicated IT security researchers to solve even your most demanding information security challenges. Together we address your external and internal threats such as malware infections, hacker attacks and APT as well as digital fraud and data leakage with core services like penetration tests / ethical hacking, real-life APT tests and ISO 27001 security audits. In case of emergency, Oneconsult’s Digital Forensics & Incident Response (DFIR) team supports you with around-the-clock expert assistance (24 h x 365 days).

Events

18-Mar-21

22 April 2021: betterCode API – Expert Talk on OWASP API Security Top 10

At the betterCode API 2021, Frank Ully, CTO Oneconsult Deutschland GmbH and Senior Penetration Tester & Security Consultant, will talk about possible attacks on APIs based on the OWASP API Security Top 10 and will explain which measures developers can take to protect against such attacks.
[more]

25-Feb-21

12 April 2021: Webinar on Techniques and Tools Used by Cybercriminals

In the Digicomp webinar „Techniques and Tools That Cybercriminals Use for Attacks“ (in German only), Yves Kraft, Branch Manager Bern and Senior Penetration Tester & Security Consultant, will explain which strategies cybercriminals pursue and why SMEs and private individuals are also increasingly targeted by attackers.

The DigiSnack webinar will take place on Monday, 12 April 2021, from 14:00 to 14:45.

Please check the Digicomp website for further information and registration.

News & Advisories

30-Mar-21

Article in "Zürichsee-Zeitung": How a Company Is Turned Upside Down by a Cyber Attack

The number of cyber attacks is steadily increasing. Once again, this is proven in the current issue of Zürichsee-Zeitung (30 March 2021, available in German only) featuring a family business that has been targeted by cybercriminals: A ransomware attack temporarily shut down their entire operation. Tobias Ellenberger, COO Oneconsult AG & Vice Chairman Oneconsult International AG, explains from the perspective of an experienced expert in this field why such attacks have become very common, what needs to be taken into account in the event of such an attack, and how a cyber security service provider can help companies prevent the worst case.
[more]

23-Mar-21

Article on Underestimated Cyber Risks in AXA's Customer Magazine "Meine Firma"

SMEs are increasingly targeted by cybercriminals. In the current issue of “Meine Firma”, AXA’s customer magazine for SMEs, the head of an architecture firm, that was exposed to a ransomware attack, shares his experience. Tobias Ellenberger, COO Oneconsult AG & Vice Chairman Oneconsult International AG, assesses the situation from the perspective of a cyber security expert and explains why such incidents are not uncommon.
[more]

Pen Tester's Diary

25-Mar-21

OWASP Top 10 Proactive Controls – Part 2

by Lena Reitzle

The first part of this article covered the first five items C1 through C5 of the OWASP Top 10 Proactive Controls. This second part picks up where we left off and takes a closer look at Proactive Controls C6 through C10.

[read the German article]

12-Feb-21

OWASP Top 10 Proactive Controls – Part 1

by Lena Reitzle

You could say that the OWASP Top 10 Proactive Controls is a bit different from other better-known OWASP top ten lists – for example, the ten most critical risks for web applications (“OWASP Top 10”) or APIs (“OWASP API Security Top 10”) – because it goes beyond simply describing potential risks: The Proactive Controls are primarily aimed at developers and provide them with specific measures for developing secure applications. They also serve to raise awareness among developers of the immense importance of application security.

This first part of the two-part article describes Proactive Controls C1 through C5. The following second part will take a closer look at C6 through C10.

[read the German article]

Our customers value our expertise and vast project experience of over

Penetration test projects, over 1100 of which OSSTMM-compliant

Application penetration test projects of banking solutions, online shops, mobile apps, ICS (SCADA/DCS), IoT devices, ERP and CRM solutions, CMS, VoIP systems, etc.

Security audits, e.g. according to ISO 27001, ISO 27002, industry specific guidelines (ISO 27015, 27019, 27799, etc.) or SANS Critical Security Controls

Digital Forensics & Incident Response (DFIR) projects

Methods and Standards

Our approach is customized to meet our clients’ specific needs as well as based on «best practice». In addition to our own methods, we also rely on industry-proven standards.

OSSTMM – Open Source Security Testing Methodology Manual

OWASP – Open Web Application Security Project

ISO 27001 – Information Security Management System (ISMS)

Holding

Oneconsult International AG
Schuetzenstrasse 1
8800 Thalwil
Switzerland

+41 43 377 22 22
info@oneconsult.com

Switzerland

Headquarters
Oneconsult AG
Schuetzenstrasse 1
8800 Thalwil
Switzerland

+41 43 377 22 22
info@oneconsult.com

Oneconsult AG
Aarbergergasse 56
3011 Bern
Switzerland

+41 31 327 15 15
info@oneconsult.com

Germany

Oneconsult Deutschland GmbH
Agnes-Pockels-Bogen 1
80992 Munich
Germany

+49 89 248820 600
info@oneconsult.com