A: Depending on the subject of the investigation, we use a test procedure based on the OWASP Top 10, which also takes individual risk situations into account. The review of the subject matter attempts to gain unauthorized access to the application, systems, individual functions, or critical platform components; to read or falsify data without authorization; to compromise the availability of the application, systems, or data; and to place the application and systems used in an undefined state.