Send e-mail to ACROS SecurityACROS Security's public PGP key  


ACROS Application Security Analysis

With this "Vulnerability Extermination" service we find security defects in banking, commerce, business, mobile, virtualization, security and other software that you develop or use before anyone else finds them.

Some of our most demanding customers hire us for finding critical vulnerabilities in products built by security-knowledgeable people, reviewed with best automated tools and analyzed by other experts.

And they like what we find.

>> More...

ACROS Penetration

In a simulation of a real "Advanced Persistent Threat" attack against your information system, we become your friendly attacker and try to penetrate into the most critical parts of your networks, databases, services and applications in a controlled and managed fashion.

A test like this is the only way to see how well you're really prepared for a targeted attack.

>> More...


We help you reach informed security-related decisions in application development, when setting up online services and protecting your IT infrastructure.

>> More...



"We routinely engage ACROS Security when we need a security review of our most popular products."

(CSO at global software vendor with multi-billion revenue)

"We've been leveraging ACROS to perform pentests on most of our acquisitions and we've been very happy with their services."

(Project contact at leading global online company with hundreds of millions of registered users)

>> More...


It has always been our strategy not to specialize in any particular technology. We're constantly surprising our customers with security defects in desktop or mobile applications, on any operating system, in office devices, network equipment and appliances, complex web applications and online banking systems, anywhere from smartcard applets and web applications to virtualization engines and language interpreters.

>> More...

Acknowledgments &

Many of the world's largest software vendors have fixed vulnerabilities we reported to them and thanked us for helping them keep their users secure.

>> More...

About ACROS Security

ACROS Security is specialized in providing advanced security analyses of products and systems. Our in-depth security research pushes the boundaries of global knowledge, keeps our customers ahead of competitors and users safe from attackers.

We work for leading financial institutions, software vendors, online service providers, cloud providers, virtualization solutions providers and others who consider security of their products, information and services critical.

>> More...

Follow Acros Security on Twitter
...for updates on our security research.

ACROS in the Media

New Scientist, "Five ways to rob a bank using the internet"
(Oct 2013)

SC Magazine, "Robbing banks at a security conference - legal or not?"

Help Net Security, "The future of attacks on banking systems" (Podcast)

ZDNet, "Should we be focusing on vulnerabilities or exploits?"

>> More media references...

Latest Public Advisories

VMware Movie Decoder Installer msiexec.exe Planting [Vendor Security Advisory]

>> More advisories...


ACROS contributed to the IsTrueCryptAuditedYet? project.
(November 2013)

ACROS blog: Winning An Online Lottery In Just 6 Tries
(June 2013)

Mozilla launched Beta 2 of Mozilla Persona, which ACROS was hired to perform a security analysis of.
(April 2013)

ACROS presented "How To Rob An Online Bank And Get Away With It" at RSA Conference Europe 2012 in London. Slides are here.

ACROS blog: Anatomy Of An Online Bank Robbery

ACROS blog: User-in-the-Middle

ACROS presented "How To Rob An Online Bank And Get Away With It" at Source Boston 2012. Slides are available here.

ACROS blog: Adobe Reader X (10.1.2) msiexec.exe Planting

ACROS presented "Advanced (Persistent) Binary Planting" at RSA Conference USA 2012. Slides are available here.

Information Commissioner of Slovenia awarded ACROS the title Ambassador of Privacy for 2011 for our privacy project "SLED".

ACROS blog: Is Your Online Bank Vulnerable To Currency Rounding Attacks?

>> News archive...