What our clients say

InterComponentWare AG

»The experienced consultants of softScheck have given us valuable impulses for the architecture and design of our Java applications by implementing a threat modeling as well as their practical implementation within the framework of our Secure SDLC.«

Volker Kossack
Manager Software Engineering

Storz Medical AG

»It was a really very good and pleasant cooperation with your colleagues. I had a lot of fun!«

Axel Koch
Developer

Sofort GmbH

»softScheck’s customer-orientation is characterized by a high sense of responsibility towards the customer. The consultants were personally available to answer questions even after the security tests were completed.«

Jens Heddrich
IT-Security Officer

Latest Blog Post

Zammad Helpdesk Zero-Day-Vulnerability

Jul 21, 2022

During a security test at one of our customers, we came across a web application with integrated helpdesk software. In this context, we identified a critical zero-day vulnerability in Zammad's software. This existed because Zammad did not perform authorization correctly for certain attachment endpoints. This would allow an unauthenticated attacker to gain access to all attachments -- such as pictures, emails or other attached files. In this blog post, we describe how the vulnerability was identified and exploited, as well as what caused it

Read Article

Clients and partners

Storz Medical AG
netcologne logo
fsp logo
it-sa
ISA
Allianz für Cyber-Sicherheit
GI
infoteam
bitkom logo
Johner-Institut
Berlin University of Digital Sciences
nrw units
privacy one
KVW
TP