Security Assessment

A security assessment is a systematic testing process to evaluate the IT security level of a specific application. The general goal is to uncover as many security vulnerabilities as possible in a specific application or piece of software in as short a time as possible.

In the practical execution of a security assessment, there are several different variations that have a strong influence on the test methods, the procedure and the expected results. Depending on the test object and the available information, different methods can be considered, from source code review to black box testing or reverse engineering. We are happy to advise you on the choice of individual parameters to find the optimal approach to achieve your goals.


Web applications

Web applications are an integral part of the value chain for most organizations and are often the central communication medium for companies. Web applications are in many cases accessible via the Internet and thus provide a large and easily accessible attack surface for cyber criminals. Security problems in these applications can quickly lead to considerable damage in the form of data leaks or manipulation (defacement), for example. Self-developed web applications are susceptible to many security vulnerabilities due to the typically short development cycles. It is advisable to regularly check these applications in the form of a security assessment.

A whole range of different approaches (black box, grey box, white box, source code, ...) can be used to carry out a web security assessment. We will be happy to advise you on the advantages and, where relevant, the disadvantages of the various methods to find the optimal procedure for achieving your goals.



Mobile apps and web services

Mobile applications are widespread and, in many cases, take over or supplement the tasks of a classic web application in the browser. The mobile app on the smartphone forms the user interface. The data and information are usually transferred to the respective smartphone user with the help of a web service (API) in the backend. Depending on the deployment scenario, mobile apps can be an integral part of an organization's value chain and thus a critical success factor. Data leaks and manipulations in mobile apps can quickly lead to data breaches, reputational damage and more. Security issues in backend systems that are accessible via the Internet, in particular, can be very easily exploited by cyber criminals for attacks. We recommend that these applications and the associated backend systems are subjected to cyclical security assessments.

CERTAINITY offers security assessments of mobile applications for all common platforms (iOS and Android) as well as the corresponding backend systems. We will be happy to advise you on the choice of the assessment scope and the appropriate methodology to find the optimal approach to achieve your goals.



IoT/Embedded

Not all IT systems necessarily look like computers. Nevertheless, or perhaps precisely because of this, these systems are particularly widespread and now have a direct impact on all of our daily lives. The upcoming Cyber Resilience Act of the European Union will bring new, sometimes drastic, regulations, especially in this environment. Regardless of whether you operate smart devices or develop them yourself, we recommend that you also take care of the security of the hardware and software in good time.

CERTAINITY's experts regularly check IoT devices and embedded systems for potential security vulnerabilities. The scope ranges from highly automated methods to manual detailed analysis using reverse engineering. We are happy to advise you on the respective possibilities and options and support you in finding the optimal approach to achieve your goals.



SAP Enterprise Security

SAP systems are among the core systems of a company. Security problems in these systems often lead to considerable damage and can jeopardize the continued existence of a company. The issue of security in this environment is often reduced to checking that access authorizations are correct. However, this approach does not do justice to the full risk potential. By combining SAP best practices with background knowledge in penetration testing, CERTAINITY's experts take a tailored approach to realistically assess the security of SAP enterprise systems and applications.

The key to a holistic approach to SAP security is to identify underlying causes and derive appropriate countermeasures. We are happy to advise you on the respective possibilities and options and support you in finding the optimal approach to achieve your goals.



Our comprehensive security assessment portfolio helps you uncover vulnerabilities and threats in your applications and key systems. For the uncovered security problems, you receive corresponding solution proposals and recommendations with which you can sustainably increase your IT security level and measurably reduce your risks. In this environment, CERTAINITY realizes projects of between 5 and several hundred man-days of effort, depending on the scope of the application and the investigation method.


Make an individual appointment to discuss your questions and objectives with the experts at CERTAINITY. We will be happy to advise you on the choice of individual parameters to find the optimal approach to achieve your goals.


In case of emergency, you can reach our experts at the CERTAINITY Computer Emergency Response Team (CERT) at CERT@certainity.com or call us:

GERMANY: +49-800-CERTAIN (+49-800-2378246)
AUSTRIA/Rest of Europe: +43-664-888 44 686