Penetration Testing

Your partner for preparing, planning, and executing penetration tests for corporate networks, applications, and systems. Competent by your side.

Do you need support analyzing your IT systems?


Our expertise is at your service - feel free to contact us.


Identify Security Vulnerabilities Before Others Do

In a business world increasingly threatened by cyberattacks, companies must urgently protect their IT systems. Otherwise, investments in product development, patents, and business processes are at risk. To reduce the likelihood of successful attacks, it is crucial for manufacturers and operators to conduct regular penetration tests. Penetration testing is a highly effective tool for identifying potential security vulnerabilities, determining remediation steps, and enhancing overall security. By performing regular penetration tests, companies can proactively address threats and better protect their data and business operations.

Our Offer for You

With our expertise, we are equipped to thoroughly test your products or systems. We are here to provide guidance and offer the following security testing services:

IoT & Embedded

Using state-of-the-art laboratory equipment, we can analyze all aspects of your embedded systems and IoT devices, from individual sensors to complete ecosystems. As part of our security tests, we provide comprehensive analysis of:

  • All internal (e.g., JTAG, I²C, SPI) and external interfaces (e.g., USB, Ethernet), including wireless interfaces (e.g., Wi-Fi, Bluetooth/BLE, ZigBee, LoRaWAN, cellular networks)
  • Internal (e.g., onboard flash memory) and external storage (e.g., SD cards)
  • Firmware, including network services and firmware update processes
  • Automotive hardware and software, including control units, entire vehicles, and mobile apps for vehicle control

Web Applications and Services

In the realm of web components, we provide penetration testing in accordance with established guidelines like the OWASP Web Security Testing Guide (WSTG). Our services include:

  • Web applications built on a wide range of technologies
  • APIs (e.g., REST, SOAP)

We also conduct thorough source code analysis to identify vulnerabilities in your applications and APIs.

OT and IT Infrastructures and Components

By conducting security tests on your OT and IT environments, you can assess the security of your infrastructure components and internal networks. We offer comprehensive analysis of:

  • Perimeter systems
  • Corporate networks
  • Cloud environments
  • Infrastructure as Code architectures
  • Hardening measures for servers, databases, etc.
  • Connections between OT and IT infrastructures
  • Production facilities and control systems

Mobile Applications

For mobile applications (Android, iOS), we also offer penetration testing based on well-known and up-to-date guidelines such as the OWASP Mobile Application Security Testing Guide (MASTG). Depending on your needs, we conduct the following analyses:

  • Static and dynamic analysis of mobile applications
  • Examination of all communication channels (e.g., communication with backend systems)
  • Source code analysis

Our Methodology

The penetration testing process of BDO Cyber Security GmbH is based on the five-phase approach defined in the study “A Penetration Testing Model” published by the German Federal Office for Information Security (BSI).

  Phase 1
  Preparation

During the first phase of the penetration test, test objectives as well as organizational, technical, and legal aspects are coordinated with the client, including:

  • Components that should be in scope of the test as well as the associated key aspects of testing (test scope)
  • Components and test cases that should not be in scope of the test (out of scope)
  • Overall testing strategy, including:
    • Information basis (e.g., Black-Box, Gray-Box, or White-Box approach)
    • Level of aggressiveness (e.g., passive scanning, cautious, balanced, or aggressive)
    • Approach (covert or overt)
    • Starting point for the test (external perspective, internal perspective)
  • Potential (technical) issues that might affect the testing procedure and results
  • Contact list, including an emergency contact on either side in case urgent communication or assistance is required

The results of this phase are documented in a contract, which serves as the legal basis for the penetration testing engagement.

  Phase 2
  Reconnaissance

In Phase 2, the information and documents provided by the client are examined to gather preliminary information about the test object, e.g.:

  • Used technologies, frameworks, and software versions
  • Reachable hosts and / or (sub-)domains
  • Accessible (hardware) interfaces

In parallel, it is verified that all components in scope are reachable from the agreed starting point of the test.
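The scope agreed in Phase 1 is the legal basis of the engagement, so every host found during reconnaissance should be checked against it before any active test is run. The following scope gate is an added example written for this page; it is not tooling from BDO Cyber Security GmbH or from the BSI model. It assumes (not stated on the page) that the scope annex is kept as two lists, in scope and out of scope, whose entries are IPv4/IPv6 networks, single addresses, exact hostnames, or suffix entries starting with a dot (".example.com" covers every subdomain), and that an out-of-scope entry always wins, so an excluded host inside an in-scope network is still rejected.

```python
"""Scope gate for penetration-test targets (added example, not the page's own code).

Assumed conventions (not from the page): scope entries are networks, single
addresses, exact hostnames, or dot-prefixed suffixes; out-of-scope entries take
precedence over in-scope ones; every recon result is checked here before testing.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Scope:
    in_networks: list = field(default_factory=list)
    in_names: list = field(default_factory=list)
    out_networks: list = field(default_factory=list)
    out_names: list = field(default_factory=list)

    @classmethod
    def from_lines(cls, in_scope, out_of_scope):
        """Build a Scope from the two lists of the (hypothetical) contract annex."""
        scope = cls()
        for entry in in_scope:
            _add_entry(entry, scope.in_networks, scope.in_names)
        for entry in out_of_scope:
            _add_entry(entry, scope.out_networks, scope.out_names)
        return scope

    def decide(self, target):
        """Return (allowed, reason) for one host or address found during recon."""
        addr = _as_address(target)
        if addr is not None:
            # Exclusions are checked first so they override any in-scope network.
            if any(addr in net for net in self.out_networks):
                return False, f"{target} is explicitly out of scope"
            if any(addr in net for net in self.in_networks):
                return True, f"{target} is inside an in-scope network"
            return False, f"{target} is not covered by the agreed scope"
        # Hostnames: normalise case and a trailing dot before matching.
        name = target.strip().lower().rstrip(".")
        if _name_matches(name, self.out_names):
            return False, f"{name} is explicitly out of scope"
        if _name_matches(name, self.in_names):
            return True, f"{name} matches an in-scope hostname"
        return False, f"{name} is not covered by the agreed scope"


def _add_entry(entry, networks, names):
    """Classify one scope line as a network (CIDR or single address) or a hostname."""
    entry = entry.strip()
    if not entry or entry.startswith("#"):
        return
    try:
        networks.append(ipaddress.ip_network(entry, strict=False))
    except ValueError:
        names.append(entry.lower().rstrip("."))


def _as_address(target):
    try:
        return ipaddress.ip_address(target.strip())
    except ValueError:
        return None


def _name_matches(name, patterns):
    """Exact match, or suffix match for patterns that start with a dot."""
    return any(name.endswith(p) if p.startswith(".") else name == p for p in patterns)


def split_targets(scope, candidates):
    """Partition reconnaissance results into (to_test, to_skip) with reasons."""
    to_test, to_skip = [], []
    for target in candidates:
        ok, reason = scope.decide(target)
        (to_test if ok else to_skip).append((target, reason))
    return to_test, to_skip


# Constructed sample data standing in for the scope annex and the recon output.
IN_SCOPE = ["10.20.0.0/24", "2001:db8:10::/48", "www.example.com", ".api.example.com"]
OUT_OF_SCOPE = ["10.20.0.5", "10.20.0.200/30", "legacy.api.example.com"]
RECON_RESULTS = [
    "10.20.0.17",             # inside the in-scope /24
    "10.20.0.5",              # excluded host inside that /24
    "10.20.0.201",            # inside the excluded /30
    "10.21.0.3",              # neighbouring network, never agreed
    "2001:db8:10::1",         # in-scope IPv6 prefix
    "WWW.EXAMPLE.COM.",       # same host as www.example.com, different spelling
    "dev.api.example.com",    # covered by the .api.example.com suffix
    "legacy.api.example.com", # explicitly excluded subdomain
    "example.com",            # parent domain, not covered by the suffix entry
]

if __name__ == "__main__":
    scope = Scope.from_lines(IN_SCOPE, OUT_OF_SCOPE)
    to_test, to_skip = split_targets(scope, RECON_RESULTS)
    for target, reason in to_test:
        print(f"TEST  {target:26} {reason}")
    for target, reason in to_skip:
        print(f"SKIP  {target:26} {reason}")
```

The deliberate asymmetry is that anything not listed is rejected: an unknown neighbouring network or a parent domain that was never agreed does not get tested just because it turned up in DNS. Such findings go back to the client as a scope question rather than straight into Phase 4.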

  Phase 3
  Analysis of Information

Based on the information gathered during previous phases, the list of planned test cases - and therefore the time required - can be adjusted for selected components according to their relevance. This involves identifying, analyzing, and prioritizing potential threats and attack vectors (e.g., based on damage potential, likelihood of success, and possible impacts).

  Phase 4
  Active Intrusion Attempts

Following the initial analyses, active intrusion attempts are conducted. For this purpose, selected test cases for each component in scope will be executed.

If a test case reveals a (potential) vulnerability, its exploitability and impact are examined:

  • Exploitability refers to conditions affecting the success of an intrusion attempt, such as the accessibility of the vulnerable component, required permissions and expertise, safeguards and protection mechanisms, etc.
  • Impact refers to the consequences that a successful attack would have, e.g., on confidentiality, integrity and availability of systems, user accounts or data

Furthermore, evidence is gathered for each vulnerability, such as screenshots or step-by-step instructions to reproduce the attack or provoke specific system behaviors.

If applicable, activities from phases 2 and/or 3 will be repeated based on the results and information obtained during this phase. This may involve adding or adjusting test cases, as the presence of certain vulnerabilities could indicate susceptibility to other types of attacks.

  Phase 5
  Final Analysis and Clean-Up

The penetration test is concluded with the Final Analysis and Clean-Up Phase. During the final analysis, all results from the previous phases are compiled into a detailed report, including:

  • A summary of the test approach and test results, including an assessment of the test object’s overall security level
  • A detailed description of each discovered vulnerability, including proof-of-concept and screenshots
  • A severity rating for each vulnerability
  • General recommendations for remediation or mitigation of the identified vulnerabilities

If necessary, remnants of the test activities (e.g., test accounts or files created during the test) are also removed during this phase.

All tests are primarily conducted manually. This approach allows for the identification of vulnerabilities that automated tools, such as vulnerability scanners, might miss. Where feasible, individual test steps may be supported by (semi-)automated tools. Results produced by such tools are reviewed and analyzed by the test team; if in doubt, automated tests are repeated manually, thereby eliminating false positives.

Testing Based on Established Frameworks

In the context of the penetration test, test cases are selected and executed based on testing guidelines. While the BSI model for penetration tests categorizes test cases into modules for information gathering (I-Modules) and intrusion attempts (E-Modules), BDO Cyber Security GmbH employs its own framework. The primary reason for this is that the I- and E-Modules are limited to certain technologies, which restricts the testing process.

BDO Cyber Security GmbH's framework is based on recognized, current standards. Specifically, the following guidelines are used depending on the specific test subject:

  • Web Applications and Web Services: Testing of web-based solutions is conducted based on the OWASP Web Security Testing Guide (WSTG).
  • Mobile Applications: Testing of mobile applications (Android and iOS) is carried out using the OWASP Mobile Application Security Testing Guide (MASTG).
  • IT Infrastructures and Infrastructure Components: Testing of IT infrastructures and individual infrastructure components is based on a test case catalog developed and maintained by BDO Cyber Security GmbH.
  • Hardware Devices: Testing of hardware devices is based on the OWASP IoT Security Testing Guide as well as a test case catalog developed and maintained by BDO Cyber Security GmbH.
  • Security Audits/Hardening Checks: Security audits and hardening checks are performed based on the CIS Benchmarks.

Contact us!

Luca Pascal Rotsch

Senior Consultant | Offensive Security