This service is somewhere in between architecture design and penetration testing in the cybersecurity lifecycle. Especially for complex systems it is much cheaper to address cybersecurity issues at the architectural stage than to patch existing systems. In addition, there may be security weaknesses that can be filtered out at the architectural stage but cannot be addressed later (or only by workarounds, trade-offs). We provide a full-range service, we look at everything that has software in it, and this is where our pentest and malware experience comes in handy.
The system is a combination of hardware and software/firmware components, both of which can pose security risks and both of which need to be assessed in a complex way. They often run protocols serving specific purposes, which need to be known in order for the security design review to be successful.
We examine whether a particular piece of software is secure, whether Confidentiality-Integrity-Availability can be compromised. The design must take into account that functionality must not be affected, while at the same time the protection must be proportionate. It is necessary to know the threat landscape, attack vectors, and the software's use cases, future applications. We can also help to map other security requirements: what measures are needed to achieve the requirements.
It is similar to the software security design review. The difference lies in the specific mobile environment (IOS and Android, also the specific mobile platform itself). For example, if an application wants to use biometrics for identification, you need to know the phone's software, operating system and how they fit together.
It is a conglomerate of several devices organised according to certain principles (like a production line or a whole factory), so such a task may require systems engineering skills. You need to define zones, lines of communication.
Detailed situation assessment, understanding the context of the analysis
Close and active cooperation throughout the process
We take into account the latest standards
Educational, transparent and detailed report to upgrade your security posture
We have real professional knowledge and industry experience
All our results are delivered with business usability in mind
Professional excellence, customer oriented attitude
Follow-up, additional training and consulting sessions as requested
Copyright 2021 Ukatemi Technologies LLC.