Other services
We further support our customers through our team of experts, extended by our vast group of partners with:
  • Application / Infrastructure / Network security architecture review and continuous advisory
  • Security / Privacy by design
  • Vulnerability assessment, penetration testing (black, gray, white boxed)
    recurring semi automated + manual and / or tailor made automated checks integrated in the CI/CD pipeline
  • Regular Threat Modelling, Risk Acceptance, Gap Analysis
  • OSINT (Open-source intelligence)
  • DevSecOps, SSDLC (Secure Software Development Life Cycle)
  • Governance, Risk management, and Compliance (GRC)
    preparation support and audit:
    • SOC X (Type 1 and 2)
      • SOC 1 — Internal Control over Financial Reporting (ICFR)
      • SOC 2 — Trust Services Criteria
      • SOC 3 — Trust Services Criteria for General Use Report
    • BSI (Bundesamt für Sicherheit in der Informationstechnik)
    • ISO 27001
    • PCI-DSS
  • Vulnerability Disclosure Policy / Program, Bug Bounty Program
  • SSG (Software Security Group) and Security Champions based on OWASP (Open Web Application Security Project) and BSIMM (Building Security In Maturity Model) assessment / standards and continuous improvement, support, advisory
  • Trainings, campaigns, workshops: 
    security awareness raising, 
    secure software development, 
    social engineering exercises etc.