For more than 20 years, we have been helping companies develop and deploy software securely.
mgm security partners provides the entire spectrum of web application security services. We advise on all issues related to the security of web applications and mobile apps, perform analyses and penetration tests, and develop security solutions.
In seminars and trainings we share our experience with software developers, security managers and managers.
Security analysis by means of simulated attacks and an external analysis of the behaviour of the application.
Workshops lay down the foundations for long-term security in the early phase of a software project.
Security by analysing the interaction of client, server and communication.
The use of manual and tool-supported, as well as fully automatic, inspection to identify vulnerabilities directly in the code.
We pass on our specialist knowledge to software developers, security personnel and managers.
From the introduction of a software security strategy to the integration of security tests into deployment processes.

New Can I Trust Test Case: Browser returns secret out of pre-cached response in a CORS-Request
#1 – New Can I Trust Test Case – Browser returns secret out of pre-cached response in a CORS-Request

Update – WordPress Author Security
Update: Our WordPress Author Security Plugin is now available in the WordPress Plugin Store.

WordPress Author Security
How can you actively prevent usernames from being enumerated on WordPress author pages?

Pentest FAQ – #18 and #19 – How are vulnerabilities found evaluated? And what is the CVSS?
In our Big Application Security Penetration Test FAQ for clients we answer everything you should know before, during and after the commissioning of an Application Security Penetration Test.
In focus today: Questions #18 and #19 – How are vulnerabilities found evaluated? And what is the CVSS?

Attack Afternoon – CSRF Countermeasures #2
CSRF Countermeasures #2: Another way to protect against CSRF – stateless – is the Double Submit Cookie method.