As an experienced security partner, we have been successfully securing your entire IT & OT for the past 20 years. We use the relevant international standards of IT and OT security and go with our 'Security Testing Process' with 5 methods far beyond classic penetration testing to identify the points of attack in your systems: Security vulnerabilities in software, firmware and microcode without them all attacks are unsuccessful. Of course, we are also available for you at any time in case of an emergency and support you in restarting your IT in a timely manner – including forensic investigations.
»We had our IGW / 922 VPN remote access gateway router tested by the IT security experts of softScheck, using both penetration testing and the fuzzing of specific network interfaces. We would like to thank softScheck for their excellent work and will continue to rely on them in the future.«
»softScheck’s customer-orientation is characterized by a high sense of responsibility towards the customer. The consultants were personally available to answer questions even after the security tests were completed.«
»The customer-oriented consultants of softScheck GmbH successfully supported us during the threat modeling of a Java EE application.«
Jul 21, 2022
During a security test at one of our customers, we came across a web application with integrated helpdesk software. In this context, we identified a critical zero-day vulnerability in Zammad's software. This existed because Zammad did not perform authorization correctly for certain attachment endpoints. This would allow an unauthenticated attacker to gain access to all attachments -- such as pictures, emails or other attached files. In this blog post, we describe how the vulnerability was identified and exploited, as well as what caused it
Read Article
