Consulting Services

We’re currently offering the following consulting services:

Penetration Tests

A penetration test, or pen test, is a security assessment that involves simulating attacks on a computer system, network, or application. We attempt to identify vulnerabilities and weaknesses in the target system by using the same techniques and tools as potential malicious actors. The objective is to uncover and address security risks before they can be exploited, helping organizations enhance their cybersecurity defenses and protect against real threats. Penetration tests are a proactive measure to ensure the robustness of digital assets and data security.

We perform penetration tests against all kinds of targets:

  • Web applications with any tech stack
  • Web service APIs – e.g., GraphQL, REST, SOAP
  • IoT devices – e.g., your custom router or baby bassinet
  • Thick client/desktop applications running on Microsoft Windows
  • Android mobile apps
  • iOS mobile apps

Bug Bounty Services

Empower your organization’s cybersecurity with a tailored Bug Bounty Program. Take control of your digital defense by engaging a community of ethical hackers to proactively identify vulnerabilities. Running your own Bug Bounty Program enhances your security posture and demonstrates a commitment to staying ahead in the ever-evolving landscape of cyber threats.

Do you want to run your own vulnerability disclosure or bug bounty program? Or do you already operate one but are not happy with how it is managed? Do you want to have independent triage?

What we do:

  • Setting up vulnerability disclosure and bug bounty programs
  • Managing new and existing programs
  • Triaging incoming bug bounty reports

Source Code Reviews

A security source code review, also known as a code audit or static code analysis, is a meticulous examination of the software’s source code to identify and rectify security vulnerabilities and flaws. This in-depth analysis is crucial for ensuring that software applications are robust and resistant to potential cyber threats, as it enables developers and security experts to spot and mitigate security issues before they can be exploited by malicious actors.

We perform source code reviews of applications based on the following languages:

  • Java
  • Python
  • PHP
  • .NET
  • (server-side) JavaScript

Attack Surface Management

Attack Surface Management is a security practice focused on identifying, monitoring, and reducing digital vulnerabilities and potential points of attack within an organization’s IT environment. It involves a comprehensive assessment of the organization’s assets, including applications, networks, and data, to determine where and how malicious actors might exploit weaknesses. By actively managing and minimizing the attack surface, organizations can strengthen their security posture, reduce risks, and safeguard their systems and data from potential cyber threats.

What we do:

  • Continuous monitoring of any of your assets, including mobile apps.

Interested in getting hacked?

Leave me a message at info [a.t] rcesecurity [d.o.t] com (for an additional level of privacy: PGP-Key) or use the contact form.

Past Customers and Projects

  • Big international airline – Performed penetration test against internet-facing assets
  • Big German DSL/cable modem manufacturer – Performed penetration test against hardware devices
  • Big German domain registrar – Performed penetration test against newly developed web API
  • Big German insurance company – White-box security configuration review
  • Big German transportation company – Performed penetration tests against new web functionality
  • Mid-sized German ridesharing company – Performed penetration test against all web assets
  • Mid-sized German cargo company – Performed firewall configuration analysis and maintenance
  • Mid-sized German animal food wholesaler – Secured email infrastructure via configuration review
  • Mid-sized German banking tool vendor – Performed penetration test against Windows thick client
  • Mid-sized German bank – Performed penetration test against customer-facing web application and API
  • Small-sized German dog food shop – Performed security hardening of an online shop