Services

Over the years, technology has grew our information systems in scope, complexity and criticality. Unfortunately, our adversaries have become more sophisticated with their capability in vulnerability analysis and exploitation. Below are the types of assessments and analysis we typically perform.

Red Teaming / Penetration Testing

    This is a focused threat based effort by a simulated adversary to expose and exploit vulnerabilities to achieve their goals. Typical adversaries modeled includes Corporate/Industrial Espionage, Terrorist and Insider Threats. Evaluates the entire environment and can include a combination of external attack, internal attack, social engineering, war dialing, war driving and physical penetration.

Copy Protection Assessment / Consulting

    This focuses effort on the copy protection used by your companies software. We take the software that is provided to the customer, determine the copy protection used and attempt to break the protection for the purposes of illegally using the software using static and dynamic reverse engineering techniques. We also provide the adversary level it would take to break your protection so you can determine whether current protection methods are adequate.

Enterprise / Mobile Application Security Assessments

    This involves the systematic analysis of the application at hand, whatever the development language and whether source code is available or not. Possible areas to review would include static and dynamic reverse engineering, authentication, session management, input/output manipulation and information leakage.


Software Security Design Consulting

    Our Design Assessment methodology identifies real-world threats based on existing designs and relevant security requirements and analyzes the ways in which any of these theoretical threats can be realized as successful attacks. A successful attack is one which succeeds in violating the security requirements, for instance obtaining access to sensitive protected content, keys, algorithms, licenses, libraries, etc.