Pentesting & Code Audits

Pentesting

As part of a pentest, your IT infrastructure (applications, networks, clients & servers) is checked for typical misconfigurations and vulnerabilities. A holistic approach is taken, i.e. the application and the potential vulnerabilities or findings are evaluated and assessed in the context of your organization. A risk classification is made for each finding. Various types of threat actors are used as a basis for this.

Depending on the test environment, common standards are used as the basis for the test methodology, e.g. the OWASP Web Security Testing Guide (WSTG) for a web application pentest.

The pentest is carried out as follows:

  • Preliminary discussion and definition of the test scope and target systems
  • Offer & approval of the penetration test
  • Execution of the penetration test
  • Analysis and evaluation of the results
  • Final discussion & delivery of the professional report

Code audits

I offer code audits for software in various programming languages. Thanks to my expertise in pentesting, I can specifically investigate and uncover common vulnerabilities and attack paths. Among other things, I offer:

  • Code review of (web) applications based on common frameworks, e.g. Spring Boot, Laravel or Django, or on in-house developments
  • Mobile app audit

Please don't hesitate to contact me!