IT Security Audit


IT security audits include all activities that survey and evaluate the current security level of an audit target such as your system or application, in order to specify measures to improve it. In this way, the individual areas of the CYBERBELT© – penetration tests, code reviews and Red Team Operation audits – can be mapped in an IT security audit according to the audit objective and your requirements. The IT civil engineer’s report – authorised and sworn by the state – contains the results from the various activities, as prepared by our IT specialists for you.


Social Hacking – Red Team Operation


This method utilises “human” vulnerability to penetrate your computer system or network. The Red Team of performs targeted cyberattacks and e-espionage activities, based on a coordinated scenario between the executive management and the works council, in order to detect security vulnerabilities in your systems before they can be discovered by unauthorised individuals. The result consists of a vulnerability report including a catalogue of measures with all identified risks for optimising IT security within your company.




During the course of a penetration test, a cyberattack on your systems is simulated in order to analyse your application system for security vulnerabilities. To ensure that the simulated cyberattacks are performed realistically, ZTP’s white hackers have no background information concerning the application but rely solely on the information they can find (“black box auditing”). If a security vulnerability is discovered it is analysed in detail, penetrated, verified and documented in a test report. This allows you to identify where action is required, thus enabling you to more efficiently assess occurrence scenarios so that you can set your priorities more sensibly.




With the code review the entire source code of your application, in the context of an audit, is subjected to inspection. This quality assurance measure is used to proofread your application during or after development to identify possible errors, simplifications or test cases. Using innovative tools from market-leading software developers, an automated and static analysis of source code is performed in which the program properties of your application are checked and all data flows are traced (“white box auditing”), with the aim of extensively documenting any anomalies and vulnerabilities. The qualified employees of evaluate these results, and you receive a written recommendation for the elimination of security flaws in the form of an IT expert opinion.

Request more information,


Request now