As an experienced security partner, we have been successfully securing your entire IT & OT for the past 20 years. We apply the relevant international standards of IT and OT security and, with our 'Security Testing Process' of 5 methods, go far beyond classic penetration testing to identify the points of attack in your systems: security vulnerabilities in software, firmware and microcode. Without them, all attacks are unsuccessful. Of course, we are also available for you at any time in case of an emergency and support you in restarting your IT in a timely manner, including forensic investigations.
»The experienced consultants of softScheck have given us valuable impulses for the architecture and design of our Java applications by implementing threat modeling as well as their practical implementation within the framework of our Secure SDLC.«
»softScheck’s customer orientation is characterized by a high sense of responsibility towards the customer. The consultants were personally available to answer questions even after the security tests were completed.«
»It was a really very good and pleasant cooperation with your colleagues. I had a lot of fun!«
Jul 21, 2022
During a security test at one of our customers, we came across a web application with integrated helpdesk software. In this context, we identified a critical zero-day vulnerability in Zammad's software. It existed because Zammad did not perform authorization correctly for certain attachment endpoints. This would allow an unauthenticated attacker to gain access to all attachments, such as pictures, emails or other attached files. In this blog post, we describe how the vulnerability was identified and exploited, as well as what caused it.