The optimal protection of websites, web services and mobile applications is a real challenge for a lot of organizations. They do not always have the specific knowledge and experience in security tests, and the regulatory constraints around data management are becoming even stricter. On top of this, security issues appear more and more often in the media, resulting in financial harm and reputation loss for the affected organizations. With our security testing services, Polteq provides insight into your security issues, helps you take the necessary steps to improve your security level, and provides training.
The essence of our security test is the analysis and assessment of security risks for your organization, i.e. the risk analysis. We divide this approach into several phases:
During the first phase of the security test, we determine which risks your organization wants to mitigate and which specific website, web service or mobile application will be placed under test. This activity takes place according to the security policy, if any, of your organization and results in a strategy and detailed planning for the actual security test.
The second phase consists of the execution of the aforementioned strategy: we search for gaps in security by performing a ‘penetration test’. During this test we use different techniques like code reviews, technical tests, interviews with developers, architecture reviews and configuration reviews. These activities result in a report including a scope description, an overview of the executed tests, a summary, detailed findings with classification of criticality and an action plan with concrete measures to be taken by your organization.
During this phase, we discuss our findings with all stakeholders, including developers, architects, project leaders and business owners. We conclude the risk analysis with a collective assessment of the impact related to each security issue discovered.
After the security problems have been solved, we perform a retest for your organization. During this test, we examine whether the implemented solutions are effective and have introduced no new security risks.
Besides improving the security level, we also help you raise the general knowledge about security testing within your organization. You can get in touch with us for training and on-the-job coaching as well as the testing of websites, web services and mobile applications.