mgm security partners GmbH is specialized in application security - with the experience of more than 15 years.
Software Development Consulting and Support
- Our Lean Application Security approach enables the implementation of "Security by Design", "Shift Left" and DevSecOps for every software project.
- Our consultants have experience in modern agile software development.
- We apply tools such as risk analysis/threat modeling, security architecture, development specifications, security QA cycles, security test automation, code reviews - tailored to the requirements of the project.
- Establishment of security test automation in the build chain using open source tools or commercial tools.
- We have the experience of thousands of tested web applications, mobile apps and fat clients (e.g. IoT).
- Our pentest team consists of highly qualified, highly motivated security enthusiasts with appropriate certifications (e.g. OSCP). We live a culture of continuous education.
- Our offshore location in Vietnam enables us to deliver the highest quality at very competitive prices.
- We take a lot of time to advise interested parties in the pre-contract phase
- We deliver the results not only as a document, but structured in various formats. We also present our findings with the help of an interactive reader, which allows the recipient an individual sorting and export function.
Large-Scale Penetration Tests
We serve large customers with very high test volumes (several hundred tests per year) and have developed a large scale penetration testing approach:
- We take over the organization and handling of the pentests in direct communication with the projects.
- Integration into the handling processes and project workflows (e.g. by directly feeding the pentest and code analysis findings into JIRA).
- Efficient analysis of the test scope required in terms of protection requirements and application size.
- Manual code analysis / code reviews for security.
- Use of market-leading commercial code analysis tools (e.g. Checkmarx) on a project basis (purchase by the client not required).
- Integration of SAST tools into the build chain.
Application Security Seminars
- Application security best practices for developers, security staff, decision makers.
- Secure coding for developers and architects at beginner or advanced level.
- Secure Coding for SAP Hybris developers
- Penetration testing of web applications for beginners or advanced users.
- Awareness lectures for decision makers.
- We use a powerful exercise environment, which is also available after the seminar.