We use a combination of automatically executed tests and manual, explorative procedures. In doing so, we combine the speed, repeatability, and high throughput of machine testing with the creativity, expertise, and combinatorial skills of our cybersecurity engineers.
Meanwhile, we draw on known databases/repositories such as the NVD (National Vulnerability Database) of the U.S. government or CVE (Common Vulnerabilities and Exposures) of the U.S. Department of Homeland Security to identify possible vulnerabilities. Building on our many years of experience in software development to the highest IT security standards, we design test and attack scenarios adapted to your software. This allows us to check possible attack vectors (one attack path) or attack surfaces (multi-stage attack methods).
As a result, each vulnerability found is evaluated using the Common Vulnerability Scoring System (CVSSv3) and provided with possible mitigation measures, including their effectiveness.
In other words, you get a quick overview of the security status of your software and can use it for improvement.
During our pentests, we check the corresponding applications (Web/WebApps/Apps) for security risks. This sometimes includes the front end and back end, but also web services, APIs and other components.