Services

CyberDanube is your trusted partner for independent security assessments and specialized pentests.
We offer highly customized security testing (pentesting) tailored to the individual requirements of each customer. Our team consists exclusively of technically skilled experts who understand and specialize in your specific challenges. We focus on dedicated, in-depth assessments in critical areas such as OT, (I)IoT, and embedded systems. We intentionally avoid using standard tests or automated scans, instead conducting thorough manual testing to uncover even the most hidden vulnerabilities, including zero-day threats, ensuring robust protection for your systems and services.

IT / OT Infrastructure Security Consulting & Testing

Penetration testing and security consulting for IT & OT infrastructures, focusing on securing interconnected systems. Our approach includes comprehensive external and internal testing to identify vulnerabilities based on defined, individualized threat scenarios. We manually verify identified weaknesses by simulating direct attacks, repeatedly refining our approach to uncover hidden, undocumented areas within the systems and infrastructure during testing (Post Exploitation).

Given the potentially severe consequences of IT/OT system vulnerabilities—such as the failure of entire production facilities or critical infrastructure, leading to significant economic damage—we assess risks specifically tailored to each company’s needs. A penetration test evaluates the risks associated with these specific scenarios, providing insight into what an attacker could achieve within a limited time frame. Test and attack scenarios are adaptable and can be adjusted in collaboration with system owners to ensure a thorough, actionable strategy for securing environments and critical components against threats.

This includes, e.g.:

Critical Infrastructure

Industrial Network (SCADA)

Process Control System (ICS)

(Web) Application Security Consulting & Testing

Our penetration testing and security consulting for (web) applications, including APIs, focuses on protecting critical data, interfaces and business functionalities. Applications are often the backbone of crucial business processes and financial transactions, making them a prime target for attackers. Exposed applications, due to their global accessibility, face particular threats, often with direct connections to internal systems (e.g., ERP system databases), posing potential entry points into the internal network.
Our team provides in-depth security consulting and penetration testing for applications. This security assessment includes evaluating core systems, testing authentication and session management, assessing APIs, and identifying vulnerabilities based on well-known standards (e.g. OWASP Top 10). We examine application logic and perform advanced attacks on identified weaknesses. By strengthening applications against these threats, we ensure robust protection for critical information and functionality, enhancing resilience and trust in digital services.

This includes, e.g.:

Web-Application incl. API

Fat-Client Application

Code Review

IoT / IIoT / Embedded Device Security Consulting & Testing

Penetration testing and security consulting for IoT, IIoT, and embedded devices focus on identifying vulnerabilities to ensure robust protection against cyber threats, particularly in critical supply chains. We specialize in securing technologies for both industrial and consumer devices. Embedded systems – commonly used for monitoring, control, and data processing – are widespread in industrial and consumer settings, often with direct connection to internal networks or the internet, creating significant security risks.
Our Embedded Security Assessment provides an evaluation of system security by examining various aspects. This includes analyzing hardware components for vulnerabilities, reviewing firmware and operating systems to identify potential risks, and assessing security measures such as Secure Boot and Hardware Security Modules (HSM). We validate cryptographic implementations and evaluate System-on-Chip (SoC) specific features for potential weaknesses. The assessment also includes testing communication protocols like Bluetooth and Wi-Fi, conducting side-channel attack simulations, and reviewing application-level security. Finally, we provide a detailed risk analysis with tailored mitigation recommendations, ensuring robust protection for IoT, IIoT & embedded devices across both hardware & software domains.

This includes, e.g.:

Firmware

ECU

Security Design Review

Hardware Lab with specialized Equipment

Our advanced Hardware Lab in Vienna, Austria, specializes in comprehensive security testing of devices at the hardware level. Using state-of-the-art tools, including our unique firmware analysis tool MEDUSA, along with various adapters and devices, we offer reverse engineering, side-channel analysis and fault injection to identify vulnerabilities in hardware components, firmware, and communication interfaces within (I)IoT and embedded systems.

We examine internal and external communication protocols, including data transmission between chips, and evaluate SoC-specific security measures like Boot Chain Security and memory isolation. Our in-depth tests also uncover undocumented components, analyze potential data exfiltration pathways, and identify vulnerabilities like hidden kill switches. By leveraging specialized tools, we help organizations and manufacturers detect and mitigate hardware-based threats, even those exploited by politically motivated actors. This comprehensive approach enhances the overall security and resilience of devices used in critical domains.

This includes, e.g.:

Glitching

Secure Boot

Debug Interface