Brand Name

Security is just an IIIusion

Even companies with excellent protective measures realise that in cyberspace 100% security is not achievable. There are a lot of more or less mature security products and processes, but the number of existing vulnerabilities in software lies in an astronomic range. And security products are no exception.

SERPENTEQ strives to help companies in detecting and mitigating vulnerabilities holistically and systematically. We want our customers to know all critical risk and to make the right decisions for their business based on that knowledge. This only works when we as consultants discuss benefits and limitations of security measures in an open and honest way.

We want to express this philosophy of an open and honest approach with our maxim "Security is just an IIIusion".

What we offer


  • wb_incandescent

    Awareness Workshops for Managers (SQ-AWM)

    We have seen many security initiatives where companies spent months testing but "overlooked" their entire SAP landscape. Because management frequently doesn't know that the SAP landscape is more complex than any other part of their IT infrastructure.

    We offer 1/2 day awareness workshops that help managers understand the magnitude of risks in their SAP landscape.

  • find_replace

    Cyber-Security Assessments / Penetration Tests (SQ-CSA)

    Cyber-crime is a growth industry. Therefore cyber-security is a must-have for all companies in order to protect their competitive advantage, productivity and good image. In defense against cyber-attacks, there is no second chance. Our experienced experts can provide you with a 360° view of your SAP cyber-risks.

    We offer comprehensive assessments of critical and exposed systems in your IT/SAP landscape.

  • spellcheck

    Code Reviews (SQ-CORE)

    It only takes one coding flaw for a hacker to break into your most critical systems. We have reviewed millions of lines of code for various types of implementation, design and architecture flaws. We are deeply familiar with the benefits and limitations of code scanners. And we are convinced that when it comes to critical applications, there is no substitute for a human tester's ability of lateral thinking.

    We offer manual code analysis of critical applications (SAP, HANA, Web) for C/C++, ABAP, Java and other web scripting languages.

  • school

    Custom Security Trainings (SQ-CST)

    The only thing worse than making mistake is repeating mistakes. In every Cyber-Security Assessment we uncover vulnerabilities and provide advice to mitigate them. But companies benefit even more from our work, if they send their teams to our customized trainings that teach them how to avoid the exact vulnerabilities found on their systems in the future.

    We offer 2-5 days customized security workshops that provide developers with detailed knowledge of the most dangerous and most common mistakes found in their applications.

Who we are

Our team comprises experienced security analysts that have reported several hundred so-called "Zero Day" vulnerabilities in standard software to the respective vendors and helped mitigating them. We present stunning output from our research in professional articles, at security conferences and workshops on a regular basis. Our core area of security expertise lies in SAP technologies and code audits of exposed systems of any technological kind.

The photos were taken in July 2019 during our summer-security-workshop in Iceland.

    • Tim Kränzke Managing Director

      Tim has a background in IT hardware, IT support and IT system installation and has more than 30 years of professional experience in various management positions in the IT industry. Tim is a an Industry Information Scientist and holds a Master's degree in Business Management from the Rhein-Ahr-Campus in Remagen. Over the past 18 years, he has worked for well-known companies of various sizes in the field of SAP Enterprise Security. He has been a speaker at IT conferences such as Cyber Security - Oil, Gas, Power, it-sa and DSAG. Before joining SERPENTEQ, he was a member of the management board of a large SAP security company and was responsible for sales, pre-sales and back-office.

      Tim took over the management of SERPENTEQ from Andreas Wiegenstein in 2023.

    • Xu Jiafingerprint Co-founder

      Xu started his journey into the SAP security adventure in 2006. He was the architect of the first advanced static code analysis tool for the SAP-specific language ABAP. Together with Andreas, he held multiple stunning talks at SAP-specific security conferences as co-speaker and demonstrated a considerable number of curious bugs over the last years. His work of zero-day research is honoured in the halls of fame of google, mozilla, paypal and credited by SAP.

      At SERPENTEQ, Xu's primary job is to secure leading companies with his excellent knowledge in penetration testing and security awareness.






    • Andreas Wiegensteinfingerprint Co-founder

      Andreas is a pioneer in SAP security. He already discovered many zero-days in SAP software in 2003 - long before SAP had a response process in place. Andreas substantially contributed to raising awareness for ABAP security among developers and customers and supported development of a market leading ABAP code scanner. He has trained leading companies and defense organizations on SAP security and has spoken at multiple SAP-specific conferences like TechEd, DSAG, BIZEC and SAPience as well as at general security conferences such as Troopers, IT Defense, Black Hat, HITB, DeepSec and RSA. He identified the ABAP Top 20 Risks published by the German Federal Office for Information Security (BSI) and is co-author of the first book on ABAP security (SAP Press 2009).

    • Julia Hansfingerprint Co-founder

      Julia's professional career in SAP security area started in 2012. After obtaining her master's degree in computer science, she performed multiple security audits of various SAP as well as non-SAP products, platforms and custom applications. Also, she helped management and teams in leading international companies to raise security awareness in their SAP landscape. Julia has also been researching new vulnerabilities for several years and prepares exploits for educational purposes and awareness workshops on a regular basis.

      At SERPENTEQ, her focus is to coordinate and conduct penetration testing projects.





    • Jianfeng Wangfingerprint

      Jianfeng, an experienced SAP veteran, joined SERPENTEQ in 2021 to extend our research and pentesting team. We are happy to count on his deep technical skills of SAP technologies and solutions which he gained during his 12 years of work at SAP in Walldorf. Besides his involvement in the development of multiple SAP solutions, he also shared his knowledge in talks at several SAP conferences.

      Whenever time permits, Jianfeng works on new concepts for security solutions.

Contact / Imprint



  • people

    Managing Director

    Tim Kränzke

  • pin_drop

    Address

    SERPENTEQ GmbH
    Hauptstrasse 25
    69117 Heidelberg
    Germany

  • phone

    Telephone

    +49 (0) 621 4825876

  • mail_outline

    Email

    infoserpenteq.com

  • account_balance

    Register Entries

    Register Court: Mannheim
    Registration No.: HRB 728980
    Tax ID No.: DE314497255

  • share

    Follow IIIusion

copyright Copyright

All rights reserved. Text, images, graphics, sound, animations and videos as well as the arrangement of the same on SERPENTEQ websites are protected by copyright and other commercial protective rights. The content of these websites may not be copied, disseminated, altered or made accessible to third parties for commercial purposes. In addition, some SERPENTEQ websites contain images that are subject to third-party copyrights.