Proactively protect your web shop, internet banking platform, mobile app, ICS (SCADA/DCS), IoT device or IT infrastructure via penetration test / ethical hacking, code review, reverse engineering or APT test by our certified penetration testers and security researchers.
Proactively protect your IT assets with a penetration test
There is no «typical» penetration test. Therefore, we offer various types of penetration tests / ethical hacking (incl. APT tests), optimized to the specific requirements of web applications, mobile apps, SAP solutions, ICS (SCADA/DCS), IoT devices, different attack vectors and general conditions or your particular needs (e.g. does your SOC, cloud or service provider live up to its promises?).
Our penetration tests help you to identify technical security vulnerabilities, categorize their risks, evaluate and implement mitigation measures. We give you detailed prioritized recommendations on how to fix them as part of the comprehensive final report to protect your IT assets from unwanted activities.
We have one of the largest teams of highly skilled, salaried and certified penetration testers in Switzerland conducting over 200 penetration test projects per year and employ the most current methods and strategies which are also used by «real» hackers. We cover the entire range from standard penetration tests, code reviews, exploit development, reverse engineering to ethical hacking and APT tests under real-life conditions.
Since Oneconsult’s inception in 2003, we have covered a wide variety of products and technologies in hundreds of penetration test projects, an overview of which you will get in our detailed, anonymized references section.
- One of the largest penetration tester teams in Switzerland
1400 penetration test projects
(200+ per year)
- Proven testing methodologies
- Meaningful, clear reports
- Categorized risks
- Detailed measures catalog incl. prioritization recommendation
- Office IT, ICS (SCADA/DCS) and IoT devices
- Code review
- Exploit development
- Reverse engineering
We offer the following penetration test types:
The penetration test is a realistic, simulated hacker attack. During the available testing time all security vulnerabilities are systematically searched for. A penetration test involves a much higher degree of manual work than a fully automated scan, with the testers putting themselves in the position of a hacker. In comparison to an application security audit, the penetration test encompasses unprivileged tests (i.e. tests without knowledge of valid access information like user ID/password, etc.), but privileged tests may be carried out if access information becomes available during the penetration test. The main differences between a penetration test and ethical hacking are that in the former, the testers are looking for all vulnerabilities and the object of investigation may be penetrated but not modified permanently.
The application penetration test is a security test of an application and its associated front- and back-end systems. Web applications, mobile apps, appliances as well as classic client/server applications may be examined as executable programs or as source code. During the available testing time all security vulnerabilities are systematically searched for in the operating system, the basic services and the application on top.
During this type of penetration test both unprivileged and privileged tests will be carried out, thus covering both the perspective of an outsider (e.g. hacker) and an insider. The application penetration test is the most comprehensive test type, which is especially suited for critical infrastructure like ICS (SCADA systems / DCS), internet banking portals, online shops, mobile apps or interactive business websites.
The following methods and types of tests may be used in an application penetration test:
- OWASP Top 10 / OWASP Mobile Top 10
- Code review
- Reverse engineering (hardware and software)
- API monitoring
- Network sniffing & packet analysis
- Injection tests
In some cases an application or a system are in scope of a security audit, however, the client does not have access to the source code / blueprint of the device or does not want to reveal these. Reverse engineering is the analysis of the security-related system behavior and functionality of a device or an executable application based on the black-box approach.
The following methods may complement reverse engineering projects:
- Protocol reverse engineering (network sniffing & packet analysis)
- Code review of the generated source code
- API monitoring
Approach: Penetration Test, Ethical Hacking and APT Test
After the kick-off meeting, i.e. penetration tests are carried out according to the following project phases:
- Test preparation
- Information gathering
- Analysis and verification of security holes
- Optional: Development and application of exploits (as proof of concept)
- Optional: Project presentation or only discussion of the final report
The final penetration test report will include:
- Executive summary
- Project scope and objectives
- Categorization of risks
- Detailed recommended measures
- Risk Assessment Value (benchmark)
If required, we will also send you the tool-generated output, action logs and dump files from the penetration tests.
For each penetration test type we will make sure that assessing the security vulnerabilities of your system is done in a thorough and cost-effective way. If a large number of systems need to be tested, we recommend taking a funnel approach. Thereby all systems are first analyzed with a security scan, based on the results of which we decide with you which systems should be tested more intensively with an IT infrastructure penetration test or an application penetration test.
Penetration Test Expertise
Since Oneconsult’s inception in 2003, we have conducted over 1400 penetration test projects of various types, 1100 of which are OSSTMM-compliant. Amongst other qualifications (like GXPN, OSWP or OPSA), our technical security specialists hold OPST and OSCP certifications. Oneconsult AG is an ISECOM Partner (accredited trainer) and, based on the number of OSSTMM-compliant security audits, Europe’s leading OSSTMM security auditor.
For definitions of information and IT security terms please refer to our glossary.
A WLAN audit is an intensive, unprivileged and privileged manual search for vulnerabilities in a WLAN network.
CRLF injection is a specific way of injecting malicious code into an application. The main element of the attack is to inject "Carriage Return" (CR) and/or "Line Feed" (LF) characters into any kind of output. This injection is possible if a targeted application does not properly sanitize and neutralize all user-supplied data. One example of such an attack is "HTTP response splitting".
The OSSTMM (Open Source Security Testing Methodology Manual) is a de-facto standard for security tests. It was developed by the Institute for Security and Open Methodologies (ISECOM) and is continually being reviewed and modified by industry experts. The standard is freely available and contains, amongst others, a security testing methodology for all channels (Human, Physical, Wireless,Telecommunications, and Data Networks) and the Rules of Engagement which specify ethical guidelines for security tests. Security gaps are categorized into the five categories Vulnerability, Weakness, Concern, Exposure und Anomaly according to their severity.
Wardriving denotes driving around in a vehicle searching for wireless (computer) networks. This information can be used for mapping purposes or to detect inadequately secured networks, break into them and abuse them.
In a session hijacking attack an attacker takes over the session of a victim. The attacker then may access the data of the victim and issue commands in the victim’s name (also see session fixation).