All SolutionsCareers

Security Testing

Applications need to be secure and protect their users’ data. In the short term, security testing can reactively help you solve existing vulnerabilities in your application(s). In the long term increased security awareness can proactively streamline the process of fortifying your application(s) and new features by integrating security testing.

How we help you by testing

Different forms of security testing


Penetration Test

Perform a penetration test against your company network or application infrastructure. The test can be followed by your security team for detection, monitoring and mitigation.

  • Web application (frontend) based on the OWASP Top 10 of most common vulnerabilities
  • API security (backend) based on the OWASP API Security Top 10


Device security

XFA software ensures that only secure devices are used for work. They conduct essential checks on each device upon login, such as up-to-date operating systems and browsers, disk encryption, password configuration, etc. This enables you to mitigate 90% of the risk.


Phishing campaign simulation

Simulate a phishing campaign to increase cybersecurity awareness of your employees. Always tailored to your company, in cooperation with our partner KnowBe4.


Trainings and bootcamps

Provide training to your employees on a variety of topics regarding security. Trainings can be online or on-site. See The Bright Academy for more information.

In cybersecurity, it's often human errors that pose the biggest risks. Stay sharp and stay safe!

Frequently asked questions

  • What's the process?

    1. Scope determination
      Which applications, API’s and infrastructure must be included in the tests?
    2. Kick-off & preparation
      Set up a test environment with the technical team and schedule a follow-up meeting with all relevant stakeholders.
    3. Test execution
      We test your application/infrastructure or set up a phishing simulation. In addition, an automation setup is possible, if applicable for the type of test.
    4. Reporting & knowledge sharing
      Team leader coordinates and bundles reporting.
    5. Follow-up & training
      If requested we can provide follow-up and if useful organize training for your in-house QA’ers.
  • Do you work with partners?

    Yes, we have a partnership with Zerofeed and XFA.

  • Which tooling do you use?

    We are vendor-agnostic and always search for the perfect fit with the client/project. In the past we already worked with postman, portswigger and Kali.

  • What is the lead time of a project?

    This varies. For a pentest we aim at 10 working days.

  • How often should you conduct penetration tests?

    This varies and is dependent on factors like: regulatory requirements, the complexity of the systems, and the organization’s risk profile. As a general rule, we recommended at least annually or after significant changes to the system/implementation of a new system/website/application/…

Other solutions

Let’s work together

Curious to see how we can help your organization with security testing?

Talk to an expert