CCLab proposes a step-by-step approach to its clients during security evaluations, using methodology based on our own Common Criteria experience.
The essence of the methodology is to analyze the documentation and, in certain cases, the source code before and during the vulnerability assessment phase of the target. This way a greater set of flaws can be identified and then corrected, because we gain more detailed knowledge of how the target in scope works. Based on the deficiencies and vulnerabilities found, we perform a “generalization” of the errors, provide recommendations on how to eliminate or correct them, and perform a re-check.
The target security level can be reached on an increasing basis: first solving the most aching problems, then strengthening the security of the IT system gradually.
For us “Application Security” means covering the entire product development lifecycle - from design to implementation and testing - including training.
If you need to make sure your product meets the highest cybersecurity requirements, then you are in the right place. A wide range of services is available thanks to our competences in security evaluations.
We use our Evaluation Methodology to analyze the operation of the target and reveal possible vulnerabilities.
Our methodology is broader than ethical hacking, as it is extended by our systematic evaluation methodology, which focuses on the practical implementation (conceptual black box testing, gray box testing and white box testing).
Examples of errors that can be corrected during hardening: lack of input validation (SQLi, XSS, RFI, LFI); bypassing of entitlement levels; weakly or poorly implemented cryptographic algorithms; memory management problems (buffer overflow); session management issues (session fixation, replay attack); vulnerabilities due to incorrect configuration.
This is a full site inspection which involves recognizing human behavioural patterns; examining areas in accordance with regulations; observing and enforcing security measures; and applying information security awareness controls against deception, distraction, human behavioural change and social engineering techniques.
For mobile applications CCLab proposes to follow the OWASP Mobile Application Security Verification Standard.
The evaluation process is based on the MASVS-L1 (Standard Security) level and is additionally extended to the MASVS-L2 (Defense-in-Depth) level.
BCM consulting, BCP and DRP creation, UAT (User Acceptance Testing) and security testing design and management, site security screening.
Our consulting services include architecture and design analysis against the given security requirements, based on the product’s schematics and documentation. Amongst others, we have extensive experience in smart meter hardware data security, for instance evaluating the external interfaces (serial optical, Ethernet, etc.), the internal interfaces (JTAG, other serial communication ports, etc.) and tamper detection/prevention solutions.