Digitisation of services, production and mobility means that all figures are looking up: On the one hand, efficiency and customer orientation are increasing – but so are the complexity of the systems and the number of potential vulnerabilities. Don’t leave it to the wrong hands to find out where your weak points are – we’ll test your system comprehensively and let you know of any action that needs to be taken.
As an experienced security consultancy with domain knowledge of the military, government agencies, aerospace and automotive industry, we bring all the skills together that are called for when analysing systems for weak points: We are intimately familiar with embedded systems, IT backend systems, custom software development and data processing centres. As a manufacturer-independent service provider, we guarantee you a neutral, untainted perspective at all times. We use manually executed attack methods which we conduct with a variety of tools.
- Manual penetration tests via automated scanners for:
- Industrial control systems (ICS / SCADA)
- Automotive on-board / off-board pentesting
- IoT pentesting
- Embedded pentesting
- Statistical/dynamic code analysis
- Analysis, simulation & testing of networks, concepts and technologies
Using methods like debugging, replay attacks, fuzzing and message injection, we test:
- Backend communication (cars, aeroplanes, ships, …)
- Electronic control units (ECU) e.g. for infotainment, gearbox
- Sensor / actuator units
With methods such as sniffing and spoofing as well as evaluation of remote access, we test:
- Industrial Control Systems (ICS) e.g. Programmable Logic Controllers (PLC), Remote Terminal Units (RTU), Human Machine Interfaces (HMI)
- SCADA systems
- Connection between OT & IT
Using vulnerability scans, configuration analysis, container enumeration and OWASP TOP 10, we test:
- Business-critical systems (CRM, ActiveDirectory, Mail, SAP, HANA, …)
- Network infrastructures
- Security appliances
- Cloud applications
- Vulnerabilities become clear so they can be eliminated
- Protection from reduction in quality and damage to your reputation
- Neutral examination of the actual situation
- Flexible, selectively useable and repeatable procedures
- Methods for inspecting security gaps which have already been closed
A success story with CYOSS
A supplier was commissioned by an automobile manufacturer to develop a transmission control unit (TCU) – with exact requirements for security testing. CYOSS conducted an automated penetration test for the TDU by fuzzing serial communication protocols for the supplier. Thanks to the findings obtained, it was rendered impossible to tamper with the transmission.
A success story with CYOSS
CYOSS subjected a new IT security solution for an automation technology manufacturer to a penetration test within its IT network. The results helped the customer fine-tune the orientation of its IT strategy and justify the budget for follow-up measures.