Pentests beyond checklists
Find vulnerabilities before attackers do. Our security experts have a deep understanding of Web3 technologies and test the resilience of your infrastructure and applications.
We have pentested a variety of different software solutions that interact with blockchain systems, including mobile wallets, browser extensions, smart contract web interfaces, and backends with key management.
Our clients give us a Net Promoter Score (NPS) of 82%, which is an exceptionally high rating across industries.
Our process
System Analysis & Threat Modeling
We map your architecture, user interactions and data flows using project docs, code and live instances to focus on high-risk areas. If relevant, we align this analysis with compliance standards such as GDPR, PCI-DSS, or HIPAA.
Automated Scanning & Analysis
We use state-of-the-art dynamic analysis solutions to scan running systems in addition to static analysis tools to identify, amongst others, misconfigurations, insecure endpoints, common exploit vectors, insecure coding patterns and dependency issues.
Manual White-/Grey-box Penetration Testing
We then analyze the behavior of the system from the outside, assisted by the code to focus attention on relevant attack vectors. Beyond application-level testing, we offer network penetration testing to assess your firewalls, internal network security, VPN configurations, and potential network-based attacks.
Optional Selected Code Review
In the final step, our senior security engineers perform a manual line-by-line code review of selected critical code paths to ensure best practices are followed and identify potential vulnerabilities.
Reporting & Deliverables
At the conclusion of the engagement, we provide a comprehensive report detailing each finding, its severity (Critical, High, Medium, Low), proof-of-concept (PoC) exploitation steps, and actionable remediation advice.
Retesting and Verification
After remediation steps are completed, we offer retesting to verify that the vulnerabilities have been properly addressed and mitigated.
