Shortcuts to the project
Cap3 GmbH, based in Kiel, develops web and mobile applications for various industries. For a health app developed by Cap3, we conducted a comprehensive security analysis, including an external penetration test. Based on the security report, we identified specific vulnerabilities and formulated recommendations to strengthen security measures early in the development process going forward. The results were immediately incorporated into the app’s further development—and laid the foundation for a trusting, ongoing collaboration.
Our Project Approach
- 1
Planning and Understanding System Architecture
Together with Cap3, we first defined the scope of the audit and gained a clear understanding of the app’s architecture and functionality. This allowed us to lay the foundation for a targeted and effective security analysis.
- 2
Automated Risk Detection
Using specialized tools, we performed an automated code and logic analysis. This allowed us to identify and prioritize potential vulnerabilities early on.
- 3
Field tests under real-world conditions
In manual tests, we verified the results and simulated targeted attacks—such as by bypassing verification measures or manipulating communication channels. This allowed us to gain realistic insights into the actual threat potential.
- 4
Analysis and Recommendations for Action
We compiled all the results into a clearly structured security report. In it, we assessed risks, documented vulnerabilities, and provided specific recommendations on how Cap3 can make the app even more secure in the future. We discussed these recommendations together during the final workshop.
Sustainable App Security Through Precise Analysis and Optimized Testing Methods
The app we tested featured an exceptionally secure communication architecture that could not be fully verified using standard analysis tools. Thanks to test endpoints specifically provided by Cap3, we were nevertheless able to conduct the security analysis efficiently and accurately.
Since mobile applications entail specific security requirements, we specifically refined our testing methodology during the project and have since fully professionalized it. The result was a detailed security report containing technical descriptions, risk assessments, and clear recommendations for addressing the identified vulnerabilities.
Today, we regularly support Cap3 in securing new releases—as a trusted partner for sustainable application security.
Contact us if you want to specifically strengthen the security of your applications and minimize risks in the long term.


