Proactively protect your web shop, internet banking platform, mobile app, ICS (SCADA/DCS), IoT device or IT infrastructure via penetration test / ethical hacking, code review, reverse engineering or APT test by our certified penetration testers and security researchers.
Proactively protect your IT assets with a penetration test
There is no «typical» penetration test. Therefore, we offer various types of penetration tests / ethical hacking (incl. APT tests), optimized to the specific requirements of web applications, mobile apps, SAP solutions, ICS (SCADA/DCS), IoT devices, different attack vectors and general conditions or your particular needs (e.g. does your SOC, cloud or service provider live up to its promises?).
Our penetration tests help you to identify technical security vulnerabilities, categorize their risks, and evaluate and implement mitigation measures. As part of the comprehensive final report, we give you detailed, prioritized recommendations on how to fix them to protect your IT assets from unwanted activities.
We have one of the largest teams of highly skilled, salaried and certified penetration testers in Switzerland, conducting over 200 penetration test projects per year, and we employ the most current methods and strategies, which are also used by «real» hackers. We cover the entire range from standard penetration tests, code reviews, exploit development and reverse engineering to ethical hacking and APT tests under real-life conditions.
Since Oneconsult’s inception in 2003, we have covered a wide variety of products and technologies in hundreds of penetration test projects, an overview of which you will get in our detailed, anonymized references section.
- One of the largest penetration tester teams in Switzerland
- 1200 penetration test projects (200+ per year)
- Proven testing methodologies
- Meaningful, clear reports
- Categorized risks
- Detailed measures catalog incl. prioritization recommendation
- Office IT, ICS (SCADA/DCS) and IoT devices
- Code review
- Exploit development
- Reverse engineering
We offer the following penetration test types:
The penetration test is a realistic, simulated hacker attack. During the available testing time all security vulnerabilities are systematically searched for. A penetration test involves a much higher degree of manual work than a fully automated scan, with the testers putting themselves in the position of a hacker. In comparison to an application security audit, the penetration test encompasses unprivileged tests (i.e. tests without knowledge of valid access information like user ID/password, etc.), but privileged tests may be carried out if access information becomes available during the penetration test. The main differences between a penetration test and ethical hacking are that in the former, the testers are looking for all vulnerabilities and the object of investigation may be penetrated but not modified permanently.
The application penetration test is a security test of an application and its associated front- and back-end systems. Web applications, mobile apps, appliances as well as classic client/server applications may be examined as executable programs or as source code. During the available testing time all security vulnerabilities are systematically searched for in the operating system, the basic services and the application on top.
During this type of penetration test both unprivileged and privileged tests will be carried out, thus covering both the perspective of an outsider (e.g. hacker) and an insider. The application penetration test is the most comprehensive test type, which is especially suited for critical infrastructure like ICS (SCADA systems / DCS), internet banking portals, online shops, mobile apps or interactive business websites.
The following methods and types of tests may be used in an application penetration test:
- OWASP Top 10 / OWASP Mobile Top 10
- Code review
- Reverse engineering (hardware and software)
- API monitoring
- Network sniffing & packet analysis
- Injection tests
In some cases an application or a system is in scope of a security audit, but the client does not have access to the source code / blueprint of the device or does not want to reveal it. Reverse engineering is the analysis of the security-related system behavior and functionality of a device or an executable application based on the black-box approach.
The following methods may complement reverse engineering projects:
- Protocol reverse engineering (network sniffing & packet analysis)
- Code review of the generated source code
- API monitoring
Approach: Penetration Test, Ethical Hacking and APT Test
After the kick-off meeting, penetration tests are carried out according to the following project phases:
- Test preparation
- Information gathering
- Analysis and verification of security holes
- Optional: Development and application of exploits (as proof of concept)
- Optional: Project presentation or only discussion of the final report
The final penetration test report will include:
- Executive summary
- Project scope and objectives
- Categorization of risks
- Detailed recommended measures
- Risk Assessment Value (benchmark)
If required, we will also send you the tool-generated output, action logs and dump files from the penetration tests.
For each penetration test type we will make sure that assessing the security vulnerabilities of your system is done in a thorough and cost-effective way. If a large number of systems need to be tested, we recommend taking a funnel approach. Thereby all systems are first analyzed with a security scan, based on the results of which we decide with you which systems should be tested more intensively with an IT infrastructure penetration test or an application penetration test.
Penetration Test Expertise
Since Oneconsult’s inception in 2003, we have conducted over 1200 penetration test projects of various types, 900 of which are OSSTMM-compliant. Amongst other qualifications (like GXPN, OSWP or OPSA), our technical security specialists hold OPST and OSCP certifications. Oneconsult AG is an ISECOM Partner (accredited trainer) and, based on the number of OSSTMM-compliant security audits, Europe’s leading OSSTMM security auditor.
For definitions of information and IT security terms please refer to our glossary.
Malware is short for malicious software and denotes any kind of software that executes a function or exhibits a behavior which is not desired by the user. It is also an umbrella term for computer viruses, worms, adware and spyware.
Risk Assessment Value (RAV)
The RAV is a measurement of the attack surface of an environment as defined by the OSSTMM (Open Source Security Testing Methodology Manual). It is a scale which describes the security level at a certain point in time (actual security). A RAV of 100 (also sometimes referred to as 100% RAV) reflects the perfect balance between protection and attack points. Anything less means too few controls and therefore a greater attack surface.
Test without knowledge of valid access information like user ID and password, etc.
Cross-Site Scripting (XSS)
Cross-site scripting is a type of vulnerability which enables an attacker to inject a script into a web page. The script is indistinguishable from other content on the page and is therefore executed by the browser like any other script on the page. There are three different types of XSS vulnerabilities: reflected, persistent and DOM-based XSS.
ICS (SCADA / DCS) Security Audit
ICS environments are used, for example, in the energy sector (power generation, pipelines, etc.), the waste management industry, manufacturing, building automation and at airports. ICS is short for Industrial Control System, SCADA for Supervisory Control and Data Acquisition, DCS for Distributed Control System. A SCADA / DCS audit is an intensive, technical and/or conceptual, unprivileged and privileged security test of an ICS environment and its associated components.