Web Application Tests
OWASP Top 10, authentication, access control, API and GraphQL testing.
View servicePENETRATION TESTING
Attacks that aretraceableand documented.
Penetration tests at SEKurity are hand-driven, targeted engagements carried out by certified offensive specialists. No scanner dumps, no inflated lists without context. Every finding is reproducible, prioritised and paired with a concrete mitigation.
01 · SCOPING
Black, grey and whitebox. Discussed openly.
We choose scoping by attack reality, not marketing. Blackbox for pure perimeter validation, greybox for most projects (tested with standard user accounts) and whitebox where source-code and architecture access materially improve value. The decision is made in a technical kick-off together with your team.
02 · DELIVERABLES
A report you can defend internally.
Every engagement ends with a report: management summary, technical findings with request/response evidence, CVSS rating, reproduction steps and recommended fixes. On top of that, a technical debrief with development and operations. Retests of closed findings are available as a separately priced add-on.
03 · SERVICES
Six disciplines, one quality standard.
Mobile App Tests
iOS and Android, static and dynamic, MASVS/MASTG-aligned.
View servicePerimeter Tests
External attack surface, VPN appliances, mail, DNS, subdomain hygiene.
View serviceInfrastructure Tests
Internal network, segmentation, lateral movement, privilege escalation.
View serviceActive Directory Tests
Kerberos, ACL abuse, ADCS ESC1-11, delegation, Tier-0 containment.
View serviceSAP Security Tests
NetWeaver, S/4HANA, RFC/Gateway, critical roles, transport system.
View serviceNEXT STEP
Let's talk about the concrete goal of your next pentest.
A 30-minute call with a test lead is enough to realistically outline scope, timing and depth. No sales round, just a technical pre-alignment.