Cybersecurity
Evaluation
Companies who chose us
Cybersecurity evaluations with methodology based on our Common Criteria experience
CCLab proposes a step-by-step approach to its clients during security evaluations, using a methodology based on our own Common Criteria experience.
The essence of the methodology is to analyze the documentation and in certain cases the source code before and during the vulnerability assessment phase of the target. This way a greater set of flaws could be identified and then corrected because we gain a more detailed knowledge about how the target in scope works. Based on the deficiencies/vulnerabilities found, we perform a “generalization” of the errors, provide recommendations about how to eliminate or correct them, and perform a re-check.
The target security level can be reached on an increasing basis: first solving the most aching problems, then strengthening the security of the IT system gradually.
For us “Application Security” means covering the entire product development
lifecycle - from design to implementation and testing - including training.
Would you be interested in secure coding?
SecDevOps?
If you need to make sure your product meets the highest cybersecurity requirements then You are in the right place. A wide range of services are available thanks to our competencies in cybersecurity evaluations.
We provide the following cybersecurity evaluation services for software and hardware products
Vulnerability assessment
Using Evaluation Methodology to analyze the operation and reveal possible vulnerabilities.
Penetration testing
Our methodology is broader than ethical hacking, as it has expanded by our systematic evaluation methodology, which focuses on practical implementation. (conceptual black box testing, gray box testing and white box testing)
Hardening
Examples of errors that can be corrected during hardening: lack of input validation (SQLi, XSS, RFI, LFI); bypassing of entitlement levels; weakly or poorly implemented cryptographic algorithms; memory management problems (Buffer Overflow), session management issues (session fixation, replay attack); vulnerabilities due to incorrect configuration.
Security audit
This is a full site inspection that involves recognizing human behavioural patterns; examining areas under regulations; observing and enforcing security measures deception, and distraction; human behavioral change, and social engineering techniques by applying information security awareness control.
For mobile applications, CCLab proposes to follow the OWASP Mobile Application Security Verification Standard.The evaluation process is based on the MASVS-L1 Standard Security level and extended to the MASVS-L2 Defense-in-Depth level.
Security by design
BCM consulting, BCP and DRP creation, UAC (User Acceptance Test) and security testing design and management, site security screening.
Secure coding training
We organize and keep professional secure coding trainings for developers (Java, JavaScript, C, C++, C#, Python).
Hardware security analysis
Our consulting services include architecture and design analysis against the given security requirements, based on the product’s schematics and documentation. Amongst others we have great experience in smart meter hardware data security, evaluating the external (serial optical, ethernet, etc.) and internal interfaces (JTAG, other serial communication ports, etc.), tamper detection/prevention solutions for instance.
Testimonials
Kenneth Lasoski
Versa Networks
Evaluation team was extremely reasonable and flexible with resolution to findings and was helpful in finding agreeable solutions for CB comments. Consultation team was always responsive and helped shape the documentation for easier evaluation, and provided useful recommendations on satisfying SFR/SARs.
Thierry Bonda
Landis+Gyr
CCLab was well prepared, flexible during the whole evaluation process, and supported us with continuous communication and guidance. Many lessons were learnt during the project and CCLab has always been looking for solutions, supporting our developers the best way they could. The new Swiss evaluation methodology was a good and professional basis to work with, but both parties had to learn how to deal with it.
Jake Nelson
Corsec Security Inc.
The relationship between Corsec and CCLab has been instrumental in helping product vendors successfully complete the Common Criteria certification process. As a Common Criteria consultant to the product vendor, Corsec relies on CCLab’s responsiveness and expertise to quickly and thoroughly complete the testing component of the process. CCLab has been essential in managing multiple projects, their professionalism has helped ensure product vendor satisfaction and ultimate project success.
Alexander Testov
AO Kaspersky Lab.
"I would definitely recommend CCLab to anyone in need of Common Criteria certification. Our cooperation was comfortable, well organized and efficient. I am totally satisfied with the result."
Dayton Marcucci
HID Global
The CCLab team gave us full support to adapt to the changes during product development. Whatever the challenges faced they could keep the due dates and we were able to complete the process quickly and efficiently. The real agile lab helped our success. We are going to work with them again. I highly recommend them to anyone wanting to get its product certified.
Jaime Chica
NXP Semiconductors
It was a well-managed project which achieved success in an effortless manner.
Kalev Pihl
SK ID Solutions
We needed a lab that works quickly but with high work morale and quality of work. CCLab is exactly like that! It was good cooperation experience to work with them. The project was rather complex and our expectations maybe even too high, but the team was committed to the common goals and could keep the milestones; therefore we were able to deliver what was needed. I highly recommend CCLab team to anyone for their great team spirit, quality orientations, agility and reasonable pricing.
Israr Ahmed
Ascertia Ltd.
On behalf of Ascertia, accept my appreciation for the excellent job done by CCLab team over the past several months in achieving the Common Criteria Certificate for ADSS Server SAM solution. It was an enormous undertaking but went smoothly and efficiently! Thanks to your leadership and dedication combined with your staff's teamwork and energy, we achieved our target. You and your employees should take great pride in this accomplishment. We look forward to extend our work with you for our next certification milestone and hope will continue to get such excellent service.
Zsolt Rózsahegyi
I4P Informatics Ltd.
Thanks to the agile processes we've been able to add new features to the product during the evaluation that made it even more valuable to customers. CCLAB efficiently supported us throughout the whole change management process. The predictability, accurate scheduling, and supportive mindset helped us to finish the project in time.