Optimal protection against attacks on web applications

No matter what kind of information you provide (black/grey/white box approach), when performing the tests we use recognized standards and best practices such as OWASP, WASC and the German Federal Office for Information Security (BSI).

The penetration tests are performed as a combination of automated and manual tests, in order to achieve conclusive and high-quality results. This enables our IT security experts to identify specific vulnerabilities of web applications, e.g. SQL injection or cross-site scripting vulnerabilities.

• architecture and design analyses
• review of coding guidelines and security guidelines
• penetration tests using the black/gray/white box approach
• review of web application firewall rulesets
• optional performance of the SQ best practice certification procedure with the objective of a certificate being issued

• leverage the breadth of TÜViT security expertise: with TÜViT, you have as your partner one of the leading experts in the field of cyber security
• we are certified by the German Federal Office of Information Security (BSI) as an IT security service provider for IS audits, IS consulting, and penetration tests
• efficient performance of penetration tests using a specially developed test platform, the “Distributed Penetration Platform” (DPP)
• objective analysis and assessment of the established technical and organizational security measures in the field of web application security
• definition of your security maturity level on the basis of recognized standards and best practices (e.g. OWASP, WASC, and the German Federal Office of Information Security (BSI))
• increasing the efficiency and overall security level through derived recommendations for action that are individually tailored to your objectives and requirements
• fulfilling duties of care in test performance as well as security and compliance requirements