Proactively protect your web shop, internet banking platform, mobile app, ICS (SCADA/DCS), IoT device or IT infrastructure via penetration test / ethical hacking, code review, reverse engineering or APT test by our certified penetration testers and security researchers.
Proactively protect your IT assets with a penetration test
There is no «typical» penetration test. Therefore, we offer various types of penetration tests / ethical hacking (incl. APT tests), optimized to the specific requirements of web applications, mobile apps, SAP solutions, ICS (SCADA/DCS), IoT devices, different attack vectors and general conditions or your particular needs (e.g. does your SOC, cloud or service provider live up to its promises?).
Our penetration tests help you identify technical security vulnerabilities, categorize their risks, and evaluate and implement mitigation measures. As part of the comprehensive final report, we give you detailed, prioritized recommendations on how to fix them, to protect your IT assets from unwanted activities.
We have one of the largest teams of highly skilled, salaried and certified penetration testers in Switzerland, conducting over 200 penetration test projects per year, and we employ the most current methods and strategies, which are also used by «real» hackers. We cover the entire range from standard penetration tests, code reviews, exploit development and reverse engineering to ethical hacking and APT tests under real-life conditions.
Since Oneconsult’s inception in 2003, we have covered a wide variety of products and technologies in hundreds of penetration test projects, an overview of which you will get in our detailed, anonymized references section.
- One of the largest penetration tester teams in Switzerland
- 1400 penetration test projects (200+ per year)
- Proven testing methodologies
- Meaningful, clear reports
- Categorized risks
- Detailed measures catalog incl. prioritization recommendation
- Office IT, ICS (SCADA/DCS) and IoT devices
- Code review
- Exploit development
- Reverse engineering
We offer the following penetration test types:
The penetration test is a realistic, simulated hacker attack. During the available testing time all security vulnerabilities are systematically searched for. A penetration test involves a much higher degree of manual work than a fully automated scan, with the testers putting themselves in the position of a hacker. In comparison to an application security audit, the penetration test encompasses unprivileged tests (i.e. tests without knowledge of valid access information like user ID/password, etc.), but privileged tests may be carried out if access information becomes available during the penetration test. The main differences between a penetration test and ethical hacking are that in the former, the testers are looking for all vulnerabilities and the object of investigation may be penetrated but not modified permanently.
The application penetration test is a security test of an application and its associated front- and back-end systems. Web applications, mobile apps, appliances as well as classic client/server applications may be examined as executable programs or as source code. During the available testing time all security vulnerabilities are systematically searched for in the operating system, the basic services and the application on top.
During this type of penetration test both unprivileged and privileged tests will be carried out, thus covering both the perspective of an outsider (e.g. hacker) and an insider. The application penetration test is the most comprehensive test type, which is especially suited for critical infrastructure like ICS (SCADA systems / DCS), internet banking portals, online shops, mobile apps or interactive business websites.
The following methods and types of tests may be used in an application penetration test:
- OWASP Top 10 / OWASP Mobile Top 10
- Code review
- Reverse engineering (hardware and software)
- API monitoring
- Network sniffing & packet analysis
- Injection tests
In some cases an application or a system is in scope of a security audit, but the client does not have access to the source code / blueprint of the device or does not want to reveal it. Reverse engineering is the analysis of the security-related system behavior and functionality of a device or an executable application based on the black-box approach.
The following methods may complement reverse engineering projects:
- Protocol reverse engineering (network sniffing & packet analysis)
- Code review of the generated source code
- API monitoring
Approach: Penetration Test, Ethical Hacking and APT Test
After the kick-off meeting, penetration tests are carried out according to the following project phases:
- Test preparation
- Information gathering
- Analysis and verification of security holes
- Optional: Development and application of exploits (as proof of concept)
- Optional: Project presentation or only discussion of the final report
The final penetration test report will include:
- Executive summary
- Project scope and objectives
- Categorization of risks
- Detailed recommended measures
- Risk Assessment Value (benchmark)
If required, we will also send you the tool-generated output, action logs and dump files from the penetration tests.
For each penetration test type we will make sure that assessing the security vulnerabilities of your system is done in a thorough and cost-effective way. If a large number of systems need to be tested, we recommend taking a funnel approach: all systems are first analyzed with a security scan, and based on the results we decide with you which systems should be tested more intensively with an IT infrastructure penetration test or an application penetration test.
Penetration Test Expertise
Since Oneconsult’s inception in 2003, we have conducted over 1400 penetration test projects of various types, 1100 of which are OSSTMM-compliant. Amongst other qualifications (like GXPN, OSWP or OPSA), our technical security specialists hold OPST and OSCP certifications. Oneconsult AG is an ISECOM Partner (accredited trainer) and, based on the number of OSSTMM-compliant security audits, Europe’s leading OSSTMM security auditor.
For definitions of information and IT security terms please refer to our glossary.
The «Open Web Application Security Project» (OWASP) is an open community which has the mission to develop, acquire, operate and maintain trustworthy web applications (see also OWASP Top 10 and OWASP Mobile Top 10).
Ransomware is malware that attackers use to encrypt data and/or block systems of their targets. The attackers then ask their victims to pay a ransom, after which the data/systems are supposedly decrypted or unblocked again. This type of malware is often spread via malicious email attachments and links or phishing. Well-known examples of ransomware are CryptoLocker, Petya and WannaCry.
Spyware is software which spies on the user or his/her data. This is usually done without the knowledge or consent of the user. The information is either transferred to the producer or used to display more targeted ads.
If a web application does not change a user’s session token when the user logs in, an attacker may use this property for a session fixation attack: the attacker tricks a victim into logging in with a session token the attacker already knows. After the victim has logged in, the attacker may use the known token to take over the victim’s session. This is a form of session hijacking.
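The property described above can be checked and fixed at the login handler. The following Python sketch is an added example, not code from Oneconsult or any specific framework: `SessionStore` and its method names are hypothetical, and the session data is constructed. It contrasts a login that keeps the pre-login token with one that rotates it.

```python
import secrets


class SessionStore:
    """Hypothetical in-memory session table: token -> session data."""

    def __init__(self):
        self._sessions = {}

    def new_session(self, data=None):
        # Unpredictable token from the OS CSPRNG.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = dict(data or {})
        return token

    def get(self, token):
        return self._sessions.get(token)

    def login_keep_token(self, token, user):
        """Weak behaviour: the token issued before login stays valid."""
        if token not in self._sessions:
            token = self.new_session()
        self._sessions[token]["user"] = user
        return token

    def login_rotate_token(self, token, user):
        """Hardened behaviour: invalidate the old token, issue a fresh one."""
        data = self._sessions.pop(token, {})  # old token is dead from here on
        data["user"] = user                   # carry over cart, locale, etc.
        return self.new_session(data)


def pre_login_token_is_authenticated(login_method_name):
    """Regression check: does a token known before login work afterwards?"""
    store = SessionStore()
    pre_login = store.new_session({"cart": ["item-1"]})  # constructed data
    getattr(store, login_method_name)(pre_login, "alice")
    session = store.get(pre_login)
    return session is not None and session.get("user") == "alice"


if __name__ == "__main__":
    for name in ("login_keep_token", "login_rotate_token"):
        exposed = pre_login_token_is_authenticated(name)
        print(f"{name}: pre-login token authenticated after login = {exposed}")
```

The same check works as an integration test against a real application: record the session cookie before login, authenticate, and fail the test if the cookie value is unchanged or the old value is still accepted.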
Windows Client Audit
A Windows client audit usually entails a privileged security audit of the client systems on the network, operating system and application level.