(HW and SW)
CCLab proposes a step-by-step approach to its clients during security evaluations, using the Flaw Hypothesis Methodology based on our own Common Criteria experience.
The essence of the methodology is to set up the Flaw Hypothesis and then to test the hypothesis by analyzing the documentation in more depth and detail and finally by penetration testing.
Based on the errors found, we perform a “generalization” of the errors, eliminate or correct them and perform a re-check.
The target security level can be reached incrementally: first solving the most pressing problems, then strengthening the security of the IT system gradually.
For us "Application Security" means covering the entire product development lifecycle:
from design to implementation and testing, including training.
Would you be interested in secure coding? SecDevOps?
A wide range of services is available thanks to our competences in security evaluations.
Among others we provide:
Security by design
BCM consulting, BCP and DRP creation, UAT (User Acceptance Test) and security testing design and management, site security screening
Secure coding training
Using Flaw Hypothesis Methodology to analyse the operation and reveal possible vulnerabilities.
Our methodology is broader than ethical hacking, as it is extended by our systematic evaluation methodology, which focuses on practical implementation (conceptual black box, gray box and white box testing).
Examples of errors that can be corrected during hardening: lack of input validation (SQLi, XSS, RFI, LFI); bypass of entitlement levels; weakly or poorly implemented cryptographic algorithms; memory management problems (buffer overflow); session management issues (session fixation, replay attacks); vulnerabilities due to incorrect configuration.
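As an added illustration of the first error class above (it is example code, not CCLab's own material), the following Python snippet places a query that concatenates untrusted input into SQL text next to its hardened form, which binds the value as a parameter and additionally validates it against an allow-list. The in-memory SQLite table and the user names are constructed for the example; the function names are assumptions.

```python
import re
import sqlite3

# Constructed sample data for the example (not taken from any real system).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s1"), ("bob", "s2")])
    conn.commit()
    return conn

def lookup_unsafe(conn, name):
    # Flawed pattern: the untrusted value becomes part of the SQL text,
    # so a quote in the input changes the meaning of the statement.
    rows = conn.execute(
        "SELECT name FROM users WHERE name = '" + name + "'").fetchall()
    return [r[0] for r in rows]

# Allow-list for the user-name field; anything else is rejected up front.
_USERNAME = re.compile(r"^[a-z0-9_]{1,32}$")

def is_valid_username(name):
    return bool(_USERNAME.match(name))

def lookup_safe(conn, name):
    # Hardened pattern: validate the input first, then pass it as a bound
    # parameter so the database never interprets it as SQL.
    if not is_valid_username(name):
        return []
    rows = conn.execute(
        "SELECT name FROM users WHERE name = ?", (name,)).fetchall()
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"          # constructed malformed input
    print("unsafe:", lookup_unsafe(db, probe))   # returns every user
    print("safe:  ", lookup_safe(db, probe))     # returns nothing
```

Running the script shows the concatenating version returning every row for the malformed input while the parameterised version returns none; the same input-validation-plus-parameter-binding pattern is what a hardening review would expect for each database call in the application.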
Site security screening is a full site inspection. It involves recognising human behavioural patterns; examining areas in accordance with regulations; observing and enforcing security measures; and testing deception, distraction, human behavioural change and social engineering techniques through information security awareness controls.
For mobile applications CCLab proposes to follow the OWASP Mobile Application Security Verification Standard.
The evaluation process is based on the MASVS-L1 (Standard Security) level and is additionally extended to the MASVS-L2 (Defense-in-Depth) level.