About us
Security.Rocks is an independent Dutch cybersecurity company, founded by Wouter van der Houven and Joeri Kock, two experienced ethical hackers (ex-KPMG) with a Master's Degree (MSc) in cybersecurity.
After hundreds of pentests and SAP assessments, we saw too much theoretical advice without concrete help. That's why we keep it simple: we hack, show what's wrong and deliver a fix-it list that you can execute tomorrow.
Okay, but what do we do?
Security Bootstrap
For SMEs that want to make a flying start in security.
With our Security Bootstrap we help SMEs to quickly go from 0 to 100 in their security. This service consists of a wide range of tests. It is our answer for companies that want to start with security but do not know where to start.
Pentesting
For companies that want certainty about the security of their application, system or network.
With our penetration tests we thoroughly test websites, applications, products, systems and networks for security flaws. By looking at them the way a hacker would, we often find angles and problems that are overlooked during development.
SAP Assessments
For companies that want certainty about the security of their SAP landscape.
Our SAP landscape assessments put the entire SAP landscape to the test. We uncover vulnerabilities in configuration, patching and usage across the entire DTAP (development, test, acceptance, production) environment. We then use these to construct attack paths that provide insight into how a hacker can move through your SAP landscape, so that you can effectively break the chain.
Secure Code Training
For companies that want to teach their employees to recognize unsafe code.
The origin of vulnerabilities is always in the code. In our Security for Developers training we teach developers to hack. This way they learn to recognize the standard patterns through which vulnerabilities creep into an application, and in the future they will react as soon as they see them in practice.
Our Team
We are a team of experienced penetration testers with a Master's degree (MSc) in cybersecurity and a passion for improving the security of IT systems. With a proactive approach, we help minimize security risks and, in addition to testing, we also offer in-depth knowledge and practical experience in areas such as Security by Design and DevSecOps.
At Security.Rocks, our mission is to make cybersecurity attainable and affordable for organizations of all sizes and budgets. With practical, cost-effective solutions, we demonstrate that essential security doesn’t have to be complicated or expensive, and that proactive measures are the key to protecting your business from hackers.
Proven expertise
Our specialists have seen more vulnerabilities over the years than we have had cups of coffee. Most of them will stay behind non-disclosure agreements forever, but the following achievements we can share, and they show exactly why our people at Security.Rocks make the difference.
What are we proud of?
COVID-19 tracing-apps
Result: The ministry was able to adjust its strategy and avoid privacy issues.
Wouter and Joeri were involved in testing the security in the 'appathon' for the Dutch Coronamelder. They found such serious vulnerabilities that all prototypes were rejected and the ministry switched completely to its own new, more secure design. Click here for the report.
Koningsdag Thuis
Result: A livestream for millions of people with the Royal Family, without any notable incidents.
To ensure that everyone could still be together during the Corona period, 'Koningsdag Thuis' was developed. This was an online platform where people could share their recorder performances, covers and magic tricks on a livestream with the rest of the Netherlands. Wouter and Joeri were involved in the security of this platform. They created the threat model, set up hard mitigations and tested the platform that hosted the livestream of the Royal Family during the lockdown. Result: no significant incidents on the day itself.
SAP Security Researcher
Result: Recognition from SAP for Security.Rocks as SAP Security Researcher.
During our security research we found a vulnerability in the login functionality of SAP. We reported this vulnerability to SAP and received recognition as an SAP Acknowledged Security Researcher.
VNG Hall of Fame
Result: Recognition by the Association of Dutch Municipalities for Security.Rocks through inclusion in the VNG Hall of Fame.
During our general security research we found a vulnerability in an application of the municipality of Utrecht that allowed us to perform unwanted actions on users. We reported this vulnerability and as a result we were included in the Hall of Fame of the Association of Dutch Municipalities (VNG).