Security advice is often most valuable before a single line of code is written. For early-stage or fast-moving projects, an initial assessment of architecture and design choices is far more effective than a late-stage penetration test.
We help you evaluate the trustworthiness of third-party components, the security posture of open-source dependencies, and whether chosen design patterns can withstand real-world threats.
Our team has guided numerous projects through their formative phases, identifying subtle risks and architectural pitfalls long before they become costly vulnerabilities.
Seeking expert input early saves time, reduces risk, and empowers teams to build securely from the ground up—free to focus on shipping code without fearing the fallout.
Cure53 offers classic black-box penetration tests (zero-knowledge) as well as white-box tests and code audits. Web application and mobile app developers speak many languages and so do we. From classic languages such as PHP, JavaScript, ActionScript, Java, Ruby, Python and Perl to more exotic candidates like web back-ends written in C++ and Delphi – we've seen them.
During our assignments we appreciate contact with the development team so that we can discuss bugs, vulnerabilities and fixes as quickly as possible. At the time of report submission, all critical bugs we spotted are usually fixed already – or soon thereafter.
Our assignments don't end with the report submission. Ongoing communication and knowledge transfer are part of the package – we rarely experience the often-mentioned gap between development and security.
Since Cure53 was founded in 2007, we have performed several hundred penetration tests against all kinds of web applications, online services, hardware interfaces, mobile applications, libraries and crypto tools. We value manual and thorough tests, human interaction and communication, and a short yet to-the-point penetration test report without overhead or pie charts no one wants to see.
Cure53 excels in providing detailed and targeted audits for infrastructure, platforms, and cryptographic systems. Our audits go beyond the traditional scope of application security, assessing the integrity and resilience of the underlying architecture that supports critical digital operations. Whether it's cloud infrastructure, server setups, or complex platform configurations, we ensure that every layer is scrutinized for vulnerabilities and weaknesses.
In the realm of cryptography, we specialize in assessing the security of cryptographic algorithms and their implementations. Our team is well-versed in evaluating key management systems, encryption protocols, and cryptographic libraries to ensure they meet the highest standards of protection. We provide thorough analysis to prevent potential threats like key exposure, weak encryption, or misconfigurations that could lead to significant security risks.
Our holistic approach to security auditing ensures that both the hardware and software aspects of your system are thoroughly tested. From protocol vulnerabilities to cloud security gaps, we offer expert insights and remediation strategies that help businesses safeguard their assets and maintain robust protection against evolving threats.
All reports have been proudly published upon explicit request by the project maintainers, or the party that sponsored the penetration test in coordination with the project maintainer. The links below are ordered by publication date.
Email
hello@cure53.de
Telephone
+49 1520 8675 782
We speak PGP and S/MIME
Address
Cure53,
Dr.-Ing. Mario Heiderich
Wilmersdorfer Str. 106
D-10629 Berlin
Germany
Payment
As well as the usual, we also accept Bitcoin (BTC), Bitcoin Cash (BCH), Ripple (XRP) and Ethereum (ETH).
Bill.com, Deel and Veem also work for us.
Insurance
During our assignments we are insured by the Gothaer Allgemeine Versicherung AG
Legals
Tax-ID: 24/336/01163
VAT: DE-275774772