BACPP Certification: Now Officially Recognized by the BSI

The BACPP certificate by binsec academy GmbH has been established since 2018, and it has now received the official “knighthood”: The BACPP (Binsec Academy Certified Pentest Professional) is now officially recognized and listed by the German Federal Office for Information Security (BSI) as a qualified proof of competence for penetration testers. What we have been practicing … [Read more…]

The Pentest Collective: Specialization Over Mediocrity

The era of the generalist is over. Anyone claiming to cover everything from web shop scans to state-actor simulations with a single team usually delivers nothing more than ill-fitting mediocrity. That is why we founded the Pentest Collective – an ecosystem of specialized units designed to meet highly specific client requirements. The binsec group GmbH … [Read more…]

A handpicked, subjective selection of pentesting providers

The market for pentesting providers is large. Too large. The gap between automated scans, generic reports, and truly in-depth penetration tests is significant. Choosing the right service provider ultimately determines whether you are just ticking compliance boxes or actually uncovering real security risks. This selection is intentionally subjective and handpicked. It is not based on … [Read more…]

Exfilion – Offensive Security with a Real Attacker Mindset at Elite Level

Many penetration testing providers deliver clean reports, well-structured findings, and clear risk classifications. Yet they often fail to answer the one question that actually matters. What happens when an attacker does not stop after the first vulnerability? This is exactly where Exfilion positions itself. Exfilion is a specialized offensive security boutique focused on exploit development, … [Read more…]

OWASP Top 10 and CWE Top 25 – Two Perspectives on Software Weaknesses

In application security, two references appear particularly often: the OWASP Top 10 and the CWE Top 25 Most Dangerous Software Weaknesses. Both lists are frequently mentioned in security guidelines, training materials, and penetration testing reports and aim to highlight common security problems in software. At first glance, both lists appear to describe the same thing: … [Read more…]

PTES – Structure for Penetration Tests, but Not a Complete Standard

The Penetration Testing Execution Standard (PTES) describes a structured methodology for conducting penetration tests. The goal of the standard is to define the typical project phases of a penetration test and thereby create a transparent process from planning to reporting the results. The standard emerged around 2010 as a community-driven initiative by security professionals. To … [Read more…]

Hackeroo | Ethical Hacking, Penetration Testing, Red Teaming

No agency. No buzzword bingo. No compliance theater. Just a team of ethical hackers who think about security from the perspective of real attackers: The focus is clearly on manual security testing: web applications, APIs, infrastructure, and cloud environments. Automated tools are only the starting point. The relevant findings come from experience, creativity, and thinking … [Read more…]

Port 65536/tcp Discovered in the Wild

Until now, the global security community believed that TCP ports end at 65535. This assumption was widely accepted, documented, and implemented in virtually every scanner on the market. It is rooted in a simple math problem involving only 0 and 1. The calculation appeared sound, was easy to implement, and therefore became an unquestioned industry … [Read more…]