Security testing is the process by which the security of an
organisation is systematically tested. Testing is performed with the
same means that malicious users use, under a methodology that makes the
results of the tests beneficial to the under assessment organisation. The
scope of the tests is not limited only to hardware and software resources, but includes all
aspects of the organisational structure, such as processes and human resources.
- Tiger Team - The ultimate security test; covers all aspects of an organisation's infrastructure.
- Penetration Testing - Customer-controlled security testing attacks.
- Web Application Testing - Security testing for custom and off-the-shelf web applications.
- Network Infrastructure Testing - Checks the security parameters of network components such as switches, routers, IPS, IDS, firewalls etc.
- Social Engineering - Tests the information security awareness of personnel.
The resulting information from our security testing sessions is provided in strong
classification with regards to the threats and the risks associated with the identified
and exploited vulnerabilities.
A vulnerability is a state in a computing system that violates that system's security model. At
we recognise that security is not a goal but a process, therefore we heavily invest in research for unknown vulnerabilities as part of our security assessment services.
Our vulnerability research services ensure that a software product, a system implementation, or a new technology that an organisation is planning to invest in meets strict security requirements and does not suffer from vulnerabilities. We can provide detailed deliverables that empower the client to make informed strategic decisions towards new technologies, choose the most secure solution that meets his requirements, and preemptively reduce investment risk.
If your company is developing software, or purchasing custom software, then you must always be vigilant about vulnerabilities that can undermine the security of the end product and of the underlying operating system.
has extensive experience in auditing source code both for insufficient input validation vulnerabilities (like buffer overflows, XSS, SQL injections) and logic flaws (such as race conditions, concurrency violations).
Unlike traditional code auditing approaches, we do not rely on automated mechanisms to identify vulnerabilities. Instead, we follow a top-down approach which allows us to gain an understanding of the investigated system and provide a detailed source code vulnerability report to our clients.
- x86 Assembly
Furthermore, we can provide training services for your company's developers in order to educate them about potential security vulnerabilities. We can help you enhance your software development lifecycle by incorporating security engineering principles into it rather than adding security as a retrofitted feature.
Digital evidence plays a crucial role in modern crime investigations, since people rely more and more on computer infrastructures for both business and personal affairs. Crimes involving the unauthorized access to systems, processes and data, corporate espionage, cyber warfare but also identity theft, are all activities that are associated with some form of data manipulation, and as such, leave a digital trail.
Malware is software written with the intent to attack computer systems and steal valuable data or gain full control of the underlying operating system and misuse its available resources (bandwidth, storage space). Today, organizations face a growing threat from targeted malware attacks.
- the high level objectives and business impact of the analysed malware.
- the infection and spreading capabilities of the analysed malware. We employ a set of techniques (e.g. reverse engineering, disassembling, run-time monitoring) to fully explore the captured malicious piece of software.
- methods of disinfection and damage control procedures necessary to ensure business continuity.
we are very experienced at developing custom security software solutions. We can provide small, targeted applications tailored to specific needs, or large, enterprise-wide systems. We can also work as part of your development team in order to implement your security requirements.
Our primary focus is on custom applied cryptography solutions. Examples of previous contracted work include securing the communications and data transfers between existing systems and applications, enterprise PKI, secure storage and authorization databases. We advocate the use of published and widely adopted cryptographic algorithms and building blocks that have undergone academic scrutiny.