Services
Pentagrid AG specialises in the manual and semi-automated security analysis of IT systems. With more than a decade of experience in software, infrastructure, and hardware security analysis, our team is able to support our customers in a variety of information security related topics. As information security is a field that requires knowledge ranging from abstract concepts to deep technical processes, we believe that perpetual learning is a key element of our mission. With the help of our analysts, our customers are able to identify risks and subsequently address the underlying technical issues.
Software Security Assessments
Pentagrid provides software security assessments in the various phases of your project's life cycle – in the early requirements-establishing phases, during design and implementation, before going live, and later with regular security checks and in incident situations. Our software security testing covers, for example:
Web applications and other web-based interfaces
Mobile applications
Backend applications
Authentication and Identity Management solutions
Desktop applications
Database applications
Infrastructure and Network Security Assessments
New IT infrastructure is often focussed on features and does not always follow security best practices from the beginning, which usually results in less protected systems. Therefore, finding vulnerabilities and security-related problems is key to improving the attack resistance of IT systems, which is necessary to protect your assets. We have experience in analyzing a variety of infrastructure system types, for example:
Corporate networks
VoIP installations
Firewall setups and network segregation
WiFi network setups
Virtualized networks and infrastructure
Cloud-based infrastructure and orchestration setups
Access gateway solutions and VPN setups
Mobile device management systems
Malware hunting and post-incident analysis
Design and setup of non-obvious honeypots
Hardware Security Assessments
Selling hardware devices to the market means losing control over how these products are used. Third parties may tear down your devices and extract intellectual property or other sensitive information for further security analysis. Once attackers have identified vulnerabilities, they may benefit from them. Pentagrid helps you to identify vulnerabilities before providing products to the market. For example, we analyze:
Embedded devices
IoT devices
Firmware
Infotainment systems
Protocols such as fieldbuses and radio links, for example Bluetooth and proprietary systems, ...
RFID-based systems like access control systems
ATMs
Medical devices
Industrial control systems
Central building control and management systems
Consulting
Based on our technical experience and our knowledge of how attackers approach challenges, Pentagrid AG provides security-related consulting to help you design more secure IT and business processes. We may support you, for example, in these fields:
Technical consulting for IT audit teams
Establishing a security development lifecycle
Consulting regarding security by design
Developing and establishing a required security level in your IT operation
Managing incident situations and vulnerability discoveries by external parties
Supporting you in your public communication
Establishing IT security requirements in your IT procurement processes
Managing a bug-bounty program
Analysis Methods
Depending on a project's objectives and what information is available, the analysis team selects an analysis approach that fits the project's requirements and constraints. We commonly use these methods:
Black-, grey-, and whitebox analysis
Reverse-engineering
Source code audits
Concept reviews
Architecture reviews
Structured penetration testing (pentests) and hot-spot testing
Red teaming
Testing methodologies: OWASP Testing Guide, OWASP Mobile Security Testing Guide (MSTG), OSSTMM, UL 2900
Fuzzing
Interview-based audits and assessments