> Side Channel Analysis
Ready-to-use side channel tools to assess cryptography algorithms.
> Fault Injection: Laser, EM & Glitching
Make sure your chip withstands different techniques of physical fault injections.
> Firmware Security Analysis
Qualify embedded code binaries without physical devices and benches.
> Security Failure Analysis
Photoemission analysis to explore internal information in a chip.
> Vulnerability Research
Dynamic analyses at a system level for investigating potential vulnerabilities.
> esDynamic for EDU SCA and FI
A learning center for academics to teach and perform side-channel analysis and fault injection
> Data Science Platform
esDynamic is a complete data focused platform to leverage the know-how of your team for complex analyses.
> esFirmware Engine
Assess the security of the firmware of IoT devices against logical and physical attacks.
> esReven Engine
Record and replay vulnerability researches within reverse engineering processes and tools.
> Cybersecurity Training
Grow your expertise with training modules driven by a coach.
> Hardware Evaluation Lab
High-end laboratory capabilities specialized in hardware security evaluations.
> Mobile App Security
Onboard your Team into your Security Challenges.
Integrate the security protections verification in your CI/CD pipeline.
> PCI MPoC
Prepare your product to meet this new mobile payment standard.
> Mobile App Security Testing (MAST)
esChecker SaaS: automating the security testing of your mobile app binary.
> Mobile App Penetration Testing
Testing the resiliency of your Mobile App, SDK or RASP tool.
> Backend Penetration Testing
Testing the resiliency of your Web App, API or Backend Systems.
> Coaching for Mobile App Developers
Providing insights into the mobile app threats and how attackers work by a learning-by-doing approach.
Go to our German website
Are you looking for a standard pentest or a pentest of a complex system? Depending on the testing target, the pentest team is composed of various cross-functional experts, e.g. for analysis of proprietary cryptography protocols, hardware security or protocol stacks (e.g. Bluetooth, CAN bus). Pentesting requires teamwork and we assign a team of pentesters according to the mission’s need.
Our experts have a track record in security testing and reverse engineering of e.g. banking web applications and APIs, mobile apps, payment applications, IoT devices, healthcare devices, smartcards, POIs, ICs/SOCs and cryptography.
Before starting, both parties agree upon your objectives and expectations, the assets to be protected, the scope of the test, our approach (black-, grey- or white-box) and the general project setup.
We will report vulnerabilities identified using the Common Vulnerability Scoring System (CVSS) and assign a score/rating (= criticality) per vulnerability.
Irrespective of tools used by the pentester, pentesting requires state-of-the-art knowledge, expertise, experiences, imagination, creativity and intuition. Like in any other arts. Pentesting is our passion and profession.
Applications do not run on their own and require a supporting infrastructure such as operating systems, networks/network components and management components that form the glue. This includes e.g.:
A web app penetration test addresses both end points of a web application: the server-side as well as the client-side. The basic security assumption in this client-server model is that the server must not rely on any input provided by the client-side and protects itself. This has a significant impact on the protections required and the depth of testing.
In scope of the web app pentest are usually, among others, the following functionalities:
Web APIs are the key enabler for Web 2.0 and meshes of web applications. Browsers and mobile and web applications connect to backend systems via REST, SOAP, RPC and WebSockets. Assessing the endpoint resilience requires:
Depending on the project objectives, a penetration test may include additional, specialised activities, such as: