Cure53 offers classic black-box penetration tests (zero-knowledge) as well as white-box tests and code audits. Web application and mobile app developers speak many languages and so do we. From classic languages such as PHP, JavaScript, ActionScript, Java, Ruby, Python and Perl to more exotic candidates like web back-ends written in C and Delphi – we've seen them.
During our assignments we appreciate contact with the development team so that bugs, vulnerabilities and fixes can be discussed as quickly as possible. At the time of report submission, all critical bugs we spotted are usually fixed already – or soon thereafter.
Our assignments don't end with the report submission. Ongoing communication and knowledge transfer are part of the package – we rarely experience the often-mentioned gap between development and security.
Since Cure53 was founded in 2007, we have performed several hundred penetration tests against all kinds of web applications, online services, hardware interfaces, mobile applications, libraries and crypto tools. We value manual and thorough tests, human interaction and communication, and a short yet to-the-point penetration test report without overhead or pie charts no one wants to see.
Sometimes security advice is necessary before a penetration test would even make sense. Especially for young and quickly developing projects, an early security analysis, design help and architectural advice help more than a penetration test close to the launch date.
We can help find out whether a chosen third-party software is secure enough, a GitHub repo looks trustworthy or a design pattern can resist real-life attacks.
In the past, we helped many projects during the design phase and early development stages by pointing out hidden risks and possible security pitfalls – before any code was written.
Getting professional security advice before the majority of code is written often saves a lot of energy and helps especially young projects to focus on what they need to do: code safely without worrying about a bitter end.
Cure53 delivers a range of web security related training courses that range from a single, intense day to a full five-day week. Trainings are available in German and English and are carried out by one, two or even three members of the team, depending on the number of participants.
Cure53 has carried out several dozen web security trainings in Germany, Belgium, Switzerland, UK and even India. We have trained small startups as well as major telecommunication providers, government institutions, university students as well as full-grown, well-experienced web penetration testers.
Our trainings are known to be intense and a fire-hose of knowledge – almost too much to take. Needless to say, all participants will get a copy of the training slides with examples, links and more. Questions arising after the training event will be answered by our team as part of the package.
We frequently offer training courses at conferences, but focus on corporate trainings for classes of 10 to 25 students (and masters – many trainings end with us learning new things as well). To learn about course contents, get a preview of the training slides or ask for a quote, please contact us!
Note that all those reports have been proudly published upon explicit request by the project maintainers, or the party that sponsored the penetration test in coordination with the project maintainer. The links below are ordered by publication date.
Email [email protected] Telephone 49 1520 8675 782
We speak PGP and S/MIME
Address
Cure53,
Dr.-Ing. Mario Heiderich
Wilmersdorfer Str. 106
D-10629 Berlin
Germany
Payment
As well as the usual, we also accept Bitcoin (BTC), Bitcoin Cash (BCH), Ripple (XRP) and Ethereum (ETH).
Bill.com, Deel and Veem also work for us.
Insurance During our assignments we are insured by the Gothaer Allgemeine Versicherung AG
Legals
Tax-ID: 24/336/01163
VAT: DE-275774772