Proactively protect your web shop, internet banking platform, mobile app, ICS (SCADA/DCS), IoT device or IT infrastructure via penetration test / ethical hacking, code review, reverse engineering or APT test by our certified penetration testers and security researchers.
Proactively protect your IT assets with a penetration test
There is no «typical» penetration test. Therefore, we offer various types of penetration tests / ethical hacking (incl. APT tests), optimized to the specific requirements of web applications, mobile apps, SAP solutions, ICS (SCADA/DCS), IoT devices, different attack vectors and general conditions or your particular needs (e.g. does your SOC, cloud or service provider live up to its promises?).
Our penetration tests help you to identify technical security vulnerabilities, categorize their risks, evaluate and implement mitigation measures. We give you detailed prioritized recommendations on how to fix them as part of the comprehensive final report to protect your IT assets from unwanted activities.
We have one of the largest teams of highly skilled, salaried and certified penetration testers in Switzerland conducting over 200 penetration test projects per year and employ the most current methods and strategies which are also used by «real» hackers. We cover the entire range from standard penetration tests, code reviews, exploit development, reverse engineering to ethical hacking and APT tests under real-life conditions.
Since Oneconsult’s inception in 2003, we have covered a wide variety of products and technologies in hundreds of penetration test projects, an overview of which you will get in our detailed, anonymized references section.
- One of the largest penetration tester teams in Switzerland
1400 penetration test projects
(200+ per year)
- Proven testing methodologies
- Meaningful, clear reports
- Categorized risks
- Detailed measures catalog incl. prioritization recommendation
- Office IT, ICS (SCADA/DCS) and IoT devices
- Code review
- Exploit development
- Reverse engineering
We offer the following penetration test types:
The penetration test is a realistic, simulated hacker attack. During the available testing time all security vulnerabilities are systematically searched for. A penetration test involves a much higher degree of manual work than a fully automated scan, with the testers putting themselves in the position of a hacker. In comparison to an application security audit, the penetration test encompasses unprivileged tests (i.e. tests without knowledge of valid access information like user ID/password, etc.), but privileged tests may be carried out if access information becomes available during the penetration test. The main differences between a penetration test and ethical hacking are that in the former, the testers are looking for all vulnerabilities and the object of investigation may be penetrated but not modified permanently.
The application penetration test is a security test of an application and its associated front- and back-end systems. Web applications, mobile apps, appliances as well as classic client/server applications may be examined as executable programs or as source code. During the available testing time all security vulnerabilities are systematically searched for in the operating system, the basic services and the application on top.
During this type of penetration test both unprivileged and privileged tests will be carried out, thus covering both the perspective of an outsider (e.g. hacker) and an insider. The application penetration test is the most comprehensive test type, which is especially suited for critical infrastructure like ICS (SCADA systems / DCS), internet banking portals, online shops, mobile apps or interactive business websites.
The following methods and types of tests may be used in an application penetration test:
- OWASP Top 10 / OWASP Mobile Top 10
- Code review
- Reverse engineering (hardware and software)
- API monitoring
- Network sniffing & packet analysis
- Injection tests
In some cases an application or a system are in scope of a security audit, however, the client does not have access to the source code / blueprint of the device or does not want to reveal these. Reverse engineering is the analysis of the security-related system behavior and functionality of a device or an executable application based on the black-box approach.
The following methods may complement reverse engineering projects:
- Protocol reverse engineering (network sniffing & packet analysis)
- Code review of the generated source code
- API monitoring
Approach: Penetration Test, Ethical Hacking and APT Test
After the kick-off meeting, i.e. penetration tests are carried out according to the following project phases:
- Test preparation
- Information gathering
- Analysis and verification of security holes
- Optional: Development and application of exploits (as proof of concept)
- Optional: Project presentation or only discussion of the final report
The final penetration test report will include:
- Executive summary
- Project scope and objectives
- Categorization of risks
- Detailed recommended measures
- Risk Assessment Value (benchmark)
If required, we will also send you the tool-generated output, action logs and dump files from the penetration tests.
For each penetration test type we will make sure that assessing the security vulnerabilities of your system is done in a thorough and cost-effective way. If a large number of systems need to be tested, we recommend taking a funnel approach. Thereby all systems are first analyzed with a security scan, based on the results of which we decide with you which systems should be tested more intensively with an IT infrastructure penetration test or an application penetration test.
Penetration Test Expertise
Since Oneconsult’s inception in 2003, we have conducted over 1400 penetration test projects of various types, 1100 of which are OSSTMM-compliant. Amongst other qualifications (like GXPN, OSWP or OPSA), our technical security specialists hold OPST and OSCP certifications. Oneconsult AG is an ISECOM Partner (accredited trainer) and, based on the number of OSSTMM-compliant security audits, Europe’s leading OSSTMM security auditor.
For definitions of information and IT security terms please refer to our glossary.
OSINT is an abbreviation for "open source intelligence" and is commonly used in the secret services. OSINT means to gather, find and systematically organize information using public sources such as search engines, newspapers, social media or other public data. The "open source" in the name is not related to open source software.
Before an attack it is necessary to gather as much information as possible about the target system. This step is also known as “enumeration process” or “application mapping”. The goal of enumeration is to get a concrete idea of the structure of the application in order to optimally exploit technical, architectural as well as logical properties of the application for an attack.
Double Blind (Test Type)
IT security audits may be characterized according to the degree of information the testers and the administrators of the systems in scope have when the tests are carried out. According to the OSSTMM, in a double-blind audit the testers do not have any knowledge about the systems to be tested prior to the audit and the administrators of the tested systems are unaware of the security audit. The double-blind test type is the most realistic approach, but not the most efficient.
See Cyber War
A cookie is a small text file which is stored on a local computer by a webserver and which contains data about the user's surfing habits (e.g. language settings or items in shopping cart). Cookies thus help to improve user experience, but may also track behavior and pass on information to third-party websites without the user's consent. Session-relevant information is also often stored in cookies, which may be exploited by hackers in attacks like session hijacking.