Services EN - Scudos

Secure Infrastructures & Applications

IFASEC offers security expertise and consulting for your infrastructure & software

Complex IT Networks require maximum data security. Increasing information exchange, growing digitization and industry 4.0 open the door to data theft and knowledge loss. Professional and up-to-date data backup is therefore an indispensable part of every company's strategy.

IFASEC advises and creates an IT security concept tailored to your company requirements in the following areas:

  • penetration tests
  • code analyses
  • IT security analyses
  • Security in IT infrastructures

Penetration Tests – Find Security Vulnerabilities

Dangerous hacker attacks cause a lot of sensation: changed websites, data theft, access to accounts and trade secrets. Is your IT infrastructure prepared for such attacks? With the penetration test we help you to find and close the security gaps.

What is a penetration test for?

A penetration test simulates hackers' attacks and attempts to gain unauthorized access to IT infrastructures. The aim is to identify weak points and possible points of attack.

The procedure

During preliminary discussions, the test procedure and methodology will be specified and the contact persons will be determined.  After the performance of the penetration test, we will not only present you the results of existing weak points, but also give you recommendations for improving you IT security.

What is achieved by a penetration test?

  • prevention of hacker attacks
  • protection of company data
  • saving time and money in the event of a hacker attack

Our penetration tests follow the recommendations of the German Federal Office for Information Security (BSI).

Experienced Team

Our team carries out penetration tests for companies of almost all sizes. One focus is the investigation of web applications, but we also test IT Networks and "classic" applications.

IT Security Analysis

Companies are aware of the challenges in IT security and are faced with the task of further developing the IT structures in relation to today's threats. Often investments in IT security have been made. From our point of view, security should be easy to use, transparent and also manageable by the IT department. This requires a high degree of automation and standardization.

In accordance to the customers requirements we carry out a requirements-, hazard- and risk analysis. By means of these analysis we qualify the risk situations of an organization and support them in order to achieve higher security with targeted economic measures.

The aim of our IT security analysis is to to develop the companys IT to a system with a high level of security.

 

Code Analysis

The serious IT security incidents of recent years clearly show that code vulnerabilities are the most frequently used attacks in IT infrastructures worldwide. The consequences, besides damage to reputation and liability claims, are enormous economic losses due to production stoppages, data theft, idea theft and blackmail.

Causes for such software vulnerabilities can be:

  • Lack of security awareness
  • Time and cost pressure in software development
  • Missing security check
  • Missing tools to find vulnerabilities

Our contribution to your company:

Our experts examine your software independently of the operating system and programming language. We check your business-/web applications as well as your mobile apps.

The result of the investigation is an informative report. A classification according to recognized security profiles such as OWASP Top 10 or PCI is performed.

  • detailed descriptions of vulnerabilities
  • Visibility and severity ratings
  • appropriate remedial measures

 

Code-Review

A manual check without software tools is generally referred to as a code review. However, this review rarely takes place in this purely manual form, since the code to be checked often comprises millions of lines and the associated costs are in no economic relation to the benefit. On the other hand, fundamental design errors of an application can often only be uncovered by a review.

IFASEC performs static code analyses in conjunction with code reviews. This allows recurring vulnerabilities and error-prone code parts to be automatically scanned throughout the code and the result qualified by a supplementary manual review.

Static Code Analysis

A static code analysis checks the source code of an application without executing it, that's why the term "static". However, the prerequisite for this is the presence of this source code.

Dynamic Code Analysis

Dynamic code analysis check the entire system during operation, i.e. the application, the technologies used, the server setup for gaps, e.g. errors in the configuration of web servers, in the authentication procedures or in the transmission and storage of data.
Only the combination of static and dynamic code analysis provides a reliable basis for secure applications.

Contact us for an initial consultation!

Projects

IFASEC has its roots in research and teaching in higher education and is a partner of important safety projects on the way to "Industry 4.0".

go-digital

Get up to 50% support in the field of IT security!

Ask IFASEC about the go-digital funding programme and benefit from the BMWi funding for a higher IT security level in your company!

go-digital

The go-digital funding program

The Federal Ministry of Economics and Energy (BMWi) supports in the module IT security

  • Risk and security analysis of existing or newly planned operational ICT infrastructure
  • measures for initiating/optimizing operational IT security management systems

 

Small and medium-sized enterprises in the commercial sector can apply for this funding program.

The application and administrative handling of the program is taken over by IFASEC GmbH. It is one of the consulting firms authorized by the BMWi in the go-digital support program for the IT security module.

We will be happy to answer any questions you may have about the funding program at info@ifasec.de or +49 231 5869202

EnAbLE KMU

EnAbLE KMU - Development of user-based solutions for individual production in SMEs - is a joint project for SMEs for the digitization of single-part production processes. To support companies in this digitization process, a Smart Service Platform is created, on which individual digitization steps are individually and SME-specific configured and implemented.

IFASEC contributes to the IT security of the architecture, implementation and operation of the platform in this project.

This project is supported by EFRE.NRW of the EU and the Ministry of Economics of the county of NRW.

Project participants: RWTH Aachen WZL, innoTecS Ingenieurgesellschaft mbH, PH-Mechanik GmbH & Co KG, IFASEC GmbH

Europäische Union - Investition in unsere Zukunft - Europäischer Fonds für regionale Entwicklung

EFRE.NRW - Investition in Wachstum und Beschäftigung

Password Computer

character repertoire  Zeichen
password length  Zeichen
Attacker's computing power
password risk
  • Default: 50% (probable value that the password will be calculated in half the time)
  • maximum security: 100% is not reasonable, because there is no absolute security.
findings
Number of possible passwords Passwords
Number of calculated passwords per second Passwords per Seconds
Password lifetime Years
Weeks
Days
Hours
Minutes
seconds.milliseconds
Hints
character repertoire: The number of possible characters: 10 characters for numbers; 26 characters for lowercase letters; 52 characters for lowercase and uppercase letters; 62 characters for numbers, lowercase and uppercase letters; 96 - 108 characters for adding special characters
Passwortleight: The number of characters of your password
Attacker's computing power: The computing power of a potential attacker that you appreciate
password risk: The estimated probability that the password will be cracked before its calculated lifetime. Since it is not possible to predict where the password to be calculated will appear among all possible passwords, the estimated password risk can be used to determine the risk.

Möchten Sie SCUDOS in Aktion sehen?