This service sits between architecture design and penetration testing in the cybersecurity lifecycle. Especially for complex systems, it is much cheaper to address cybersecurity issues at the architectural stage than to patch existing systems. In addition, there may be security weaknesses that can be filtered out at the architectural stage but cannot be addressed later (or only through workarounds and trade-offs). We provide a full-range service: we look at everything that has software in it, and this is where our pentest and malware experience comes in handy.
The system is a combination of hardware and software/firmware components, both of which can pose security risks and both of which need to be assessed in a complex way. They often run protocols serving specific purposes, which need to be known in order for the security design review to be successful.
We examine whether a particular piece of software is secure and whether its confidentiality, integrity or availability can be compromised. The design must take into account that functionality must not be affected, while at the same time the protection must be proportionate. It is necessary to know the threat landscape, the attack vectors, and the software's use cases and future applications. We can also help to map other security requirements and the measures needed to achieve them.
It is similar to the software security design review. The difference lies in the specific mobile environment (iOS and Android, and also the specific mobile platform itself). For example, if an application wants to use biometrics for identification, you need to know the phone's software, operating system and how they fit together.
It is a conglomerate of several devices organised according to certain principles (like a production line or a whole factory), so such a task may require systems engineering skills. You need to define zones and lines of communication.
Detailed situation assessment, understanding the context of the analysis
Close and active cooperation throughout the process
We take into account the latest standards
Copyright 2024 Ukatemi Technologies Plc.