Services

Pentagrid AG is specialised in the manual and semi-automated IT security analysis of IT systems. Due to more than a decade of experience in the software, infrastructure, and hardware security analysis field, our team is able to support our customers in a variety of information security related topics. As information security is a field that requires knowledge from abstract concepts to deep technical processes, we believe that perpetual learning is a key element of our mission. With the help of our analysts, our customers are able to identify risks and subsequently address the underlying technical issues.

Software Security Assessments

Pentagrid provides software security assessments in the various phases of your project's life cycle – in the early requirements-establishing phases, during design and implementation, before going live, and later with regular security checks and in incident situations. Our software security testing covers, for example:

  • Web applications and other web-based interfaces

  • Mobile applications

  • Backend applications

  • Authentication and Identity Management solutions

  • Desktop applications

  • Database applications

Infrastructure and Network Security Assessments

New IT infrastructure is often focused on features and does not always follow security best practices from the beginning, which usually results in less protected systems. Therefore, finding vulnerabilities and security-related problems is key to improving the attack resistance of IT systems, which is necessary to protect your assets. We have experience in analysing a variety of infrastructure system types, for example:

  • Corporate networks

  • VoIP installations

  • Firewall setups and network segregation

  • WiFi network setups

  • Virtualized networks and infrastructure

  • Cloud-based infrastructure and orchestration setups

  • Access gateway solutions and VPN setups

  • Mobile device management systems

  • Malware hunting and post-incident analysis

  • Design and setup of non-obvious honeypots

Hardware Security Assessments

Selling hardware devices to the market means losing control over how these products are used. Third parties may tear down your devices and extract intellectual property or other sensitive information for further security analysis. Once attackers have identified vulnerabilities, they may benefit from them. Pentagrid helps you to identify vulnerabilities before providing products to the market. For example, we analyse:

  • Embedded devices

  • IoT devices

  • Firmware

  • Infotainment systems

  • Protocols such as field buses and radio links, for example Bluetooth and proprietary systems, ...

  • RFID-based systems like access control systems

  • ATMs

  • Medical devices

  • Industrial control systems

  • Central building control and management systems

Consulting

Based on our technical experience and knowing how attackers approach challenges, Pentagrid AG provides security-related consulting to help you design more secure IT and business processes. We may support you, for example, in these fields:

  • Technical consulting for IT audit teams

  • Establishing a security development lifecycle

  • Consulting regarding security by design

  • Developing and establishing a required security level in your IT operation

  • Managing incident situations and vulnerability discoveries by external parties

  • Supporting you in your public communication

  • Establishing IT security requirements in your IT procurement processes

  • Managing a bug-bounty program

Analysis Methods

Depending on a project's objectives and what information is available, the analysis team selects an analysis approach that fits the project's requirements and constraints. We commonly use these methods:

  • Black-, grey- and whitebox analysis

  • Reverse-engineering

  • Source code audits

  • Concept reviews

  • Architecture reviews

  • Structured penetration testing (pentests) and hot-spot testing

  • Red teaming

  • Testing methodologies: OWASP Testing Guide, OWASP Mobile Security Testing Guide (MSTG), OSSTMM, UL 2900

  • Fuzzing

  • Interview-based audits and assessments