Security Testing

Trust is good, control is better. Systematic security analyses of IT systems, networks and applications can identify vulnerabilities and proactively prevent their exploitation.

Pentesting the external infrastructure

Your attack surface on the Internet

From the homepage to mail servers to industry-specific services - almost every organisation exposes interfaces to the Internet that serve as attack points for hackers. But do you know exactly which interfaces of your network are accessible from the Internet? And whether they are properly secured?

With a pentest of your external infrastructure, shows the systems accessible to potential attackers from the internet and whether they are vulnerable. You will receive a detailed overview of your external attack surface, the weak points identified and support in eliminating them.

Pentest of the internal infrastructure

Your intranet attack surface

It has been clear since the beginning of the 21st century at the latest that a strong perimeter firewall is important, but by no means sufficient to ensure an adequate level of protection. Often, attackers are already inside the internal network - external people who gain network access through targeted social engineering techniques, or even internal staff who have a grudge against the organisation for various reasons. The question is, how easy is it for an internal attacker to expand their access, steal your crown jewels and perhaps even take over your domain?

A pentest of the internal infrastructure will reveal which systems are accessible to attackers within the organisational network and hwhether they are vulnerable. You will receive a detailed overview of your internal attack surface, the identified vulnerabilities and assistance in remedying them.

Pentest of web applications and web services

The web application - the hacker's best friend

Besides social engineering, web applications and web services are still among the most critical gateways for successful hacker attacks. Due to the wild mix of different technologies that have evolved over the years, it is very easy for small mistakes to happen during the development and operation of web applications. And hackers are not afraid to abuse them for their own purposes.

Experienced condignum security experts systematically analyse your web applications and web services to uncover both existing vulnerabilities and potential security risks and provide you with detailed support for targeted remediation. In this way, your web offering is proactively and appropriately secured.

Pentest of mobile apps

Mobile smartphone apps - smart, but also secure?

Many tasks of daily life, both professional and private, are conveniently carried out via the smartphone and corresponding mobile apps. But are the apps you use secure? Or are you exposing your business and customer data to unacceptable risks?

During a mobile app security check, both self-developed and purchased apps are systematically tested by experienced security experts. In addition to security tests of the app itself, all security-relevant configuration options, network connections and backend services are checked for vulnerabilities and potential security risks. You receive a detailed overview of the attack surface of your mobile apps and detailed guidance on how to secure them to secure your business and customer data.

Endpoint attack simulation / Stolen Device Review

What happens if one of our devices is lost or stolen?

With the ever-increasing decentralisation of the modern workplace, which includes working at different locations, more and more employees use IT-assets outside the company’s offices. These devices contain sensitive data or provide easy access to company ressources and networks, resulting in new security risks for these devices. Are you aware of how resilient your mobile devices are against attackers with physical access? Are your devices hardened in a way that even in the event of theft, no sensitive data can be accessed?

Condignum offers dedicated tests to answer these questions, in which the general security of your endpoints is tested. Various attack scenarios are tested here and you receive detailed guidance on how to improve the security of your devices.

Attack and Breach Simulation/Red/Purple Teaming (attacker simulation)

Are we able to defend against the attacks of current hacker groups?

Today, ransomware groups use advanced technologies and work together in well-organised structures. Do you have appropriate security processes as well as technical and organisational controls in place to defend against these kind of threats?

To answer these question, condignum offers so-called Red and Purple Teamings based on well-known frameworks such as TIBER, DORA and NIST. This is a method for testing information security in which a simulated attacks on a network, a system or an application are carried out.

OT/SCADA Security Assessments

Are our industrial control systems secure?

Attacks against IT infrastructure in the industrial environment have become a relevant attack vector nowadays. The impact of successful attacks on control systems in the energy or industrial sector can usually be described as very critical, which is why the legislator has already established IT security laws and regulations.

Condignum therefore offers security services in the OT environment. We have many years of experience in carrying out various security services - be it, for example, accompanying the implementation of a new environment for the operation of OT technology, checking the secure configuration of a new network control system in the electricity environment, or testing the interfaces between office IT and the OT environment.

Phishing simulation

Oh, I really won an iPhone?

Phishing emails are still among the most obvious entry points for successful hacker attacks.

The targeted attack attempt via faked emails (spear phishing attack) describes a method of social engineering with the aim of spying on passwords or even gaining access to IT systems.

By simulating various phishing campaigns (phishing for access data, introducing malware via harmful attachments or downloads, etc.), the awareness of the organisation can be tested and sustainably strengthened.