- Nettverkssikkerhet
- Sikkerhet for webapplikasjoner
- Sikkerhet i mobilapper
- Sosial manipulering
- Sikkerhet i skyen
- IoT-sikkerhet
- API-sikkerhet
- External & internal penetration testing
- Testing av samsvar
- Containersikkerhet
- CI/CD pipeline security
- Sikker kodegjennomgang
- Red team exercises
Nettverkssikkerhet
Beautiful on the outside. But inside? Forgotten devices, weak configurations, holes in segmentation. We simulate DDoS, MITM, lateral movement and other real attacks so you can see how your infrastructure behaves under pressure, not in theory, but in battle.
Sikkerhet for webapplikasjoner
Injections, XSS, authorization flaws, logic bugs. We don't check boxes, we attack like hackers. You get specific attack vectors and complete risk understanding, not just compliance recommendations.
Sikkerhet i mobilapper
A polished interface doesn't mean anything. Inside could be a mess: weak crypto, unprotected storage, broken SSL. We reverse engineer, test, and show you where you might have already been compromised.
Sosial manipulering
The weakest point is human. We model real scenarios: phishing, spoofed emails, “tech support” calls, physical access. We test who clicks, who shares data, who opens doors. Then we train the team on their actual actions, not theory.
Sikkerhet i skyen
AWS, Azure, GCP: one wrong permission equals full access. We manually and automatically check IAM, configs, S3 buckets, logging, and network ACLs to eliminate gaps in your cloud security.
IoT-sikkerhet
Smart devices are often stupidly insecure: “admin” default passwords, checkbox encryption, weak cloud transmission. We crack firmware, analyze traffic, and show where everything's held together by hope.
API-sikkerhet
PIs are your digital nervous system. If they're open, you're vulnerable. We test for injections, IDOR, mass assignment, rate limit bypasses, method abuse. We show exactly how attackers will use your open interfaces against you.
External & internal penetration testing
Threat isn't always external. We check how easy it is to break in from outside and what damage can be done once attackers are inside. We model worst-case scenarios while you're still in the game, not at a breach press conference.
Testing av samsvar
Audits are stressful if you're unprepared. SOC 2, DORA, NIST CSF, FISMA, FedRAMP all require proof, not promises. We run checks early so you're not patching holes in fire drill mode two days before review.
Containersikkerhet
Containers speed deployment but hide dangerous bugs. We check images, Dockerfiles, Kubernetes manifests, volume mounts, network settings, access rights, CI/CD integrations. You get a clear threat picture before going live.
CI/CD pipeline security
Security must be integrated into the process. We implement dependency scanning, secret management, permissions controls, and secure builds to make sure that DevSecOps is not just another buzzword but an actual practice.
Sikker kodegjennomgang
Automation doesn't see logic, only humans do. We manually analyze code for vulnerabilities scanners miss: authorization errors, business rule bypasses, improperly implemented access mechanisms. We look as attackers: where, how, and why things break. Last chance to catch vulnerabilities before production.
Red team exercises
We model full-scale attacks: from phishing to complete infrastructure takeover. This isn't "bug hunting," but testing your team's readiness, processes, and entire defense system for real warfare.