Learn about the services we offer
Penetration tests for online services
Our assignments don't end with the report submission. Ongoing communication and knowledge transfer are part of the package – we rarely experience the often mentioned gap between development and security.
Since Cure53 was founded in 2007, we have performed several hundreds of penetration tests against all kinds of web applications, online services, hardware interfaces, mobile applications, libraries and crypto tools. We value manual and thorough tests, human interaction and communication and a short yet to-the-point penetration test report without overhead or pie charts no one wants to see.
Security analysis and architectural advice
Sometimes security advice is necessary before a penetration test would even make sense. Especially for young and quickly developing projects, an early security analysis, design help and architectural advice help more than a penetration test close to the launch date. We can help finding out if a chosen 3rd party software is secure enough, a github repo looks trustworthy or a design pattern can resist real-life attacks.
In the past, we helped many projects during the design phase and early development stages by pointing out hidden risks and possible security pitfalls – before any code was written. Getting professional security advice before the majority of code is written often saves a lot of energy and helps especially young projects to focus on what they need to do: code safely without worrying about a bitter end.
Training and consulting
Cure53 delivers a range of web security related training courses that range from a single, intense day to a full five day week. Trainings are available in German and English language and are carried out by one, two or even three members of the team depending on the number of participants.
Cure53 has carried out several dozens of web security trainings in Germany, Belgium, Switzerland, UK and even India. We have trained small startups as well as major telecommunication providers, government institutions, university students as well as full-grown well-experienced web penetration testers.
Our trainings are known to be intense and a fire-hose of knowledge – almost too much to take. needless to say all participants will get a copy of the training slides with examples, links and more. Questions arising after the training event will be answered by our team as part of the package.
We frequently offer training courses on conferences, but focus on corporate trainings for classes of 10 to 25 students (and masters – many trainings end with us learning new things as well). To learn about course contents, get a preview to the training slides or ask for a quote please contact us!
Incident management, web malware analysis
"We got hacked. Do what now?" Cure53 helps answering the most pressing questions after an incident has happened, can help tracking down the root cause and assists in finding ways to make sure it doesn't happen again. We can further help in making your backend a bit safer – to minimize the damage in case the unpleasant event ever happens again. Cure53 has helped migrating millions of user accounts to secure password storage and communicating security fixes to unwilling third-party vendors.