Cybersecurity Assessments
We assess your cybersecurity status and progress, helping you to develop your performance.
Our services cover cybersecurity, from the transistor level for semiconductors, ranging over embedded firmware and software, to web, mobile and cloud applications, covering all kinds of IoT solutions, as well as IT- and cloud-network security services.
We also assess secure management systems, policies, business processes and professionals.
Hardware
We carry out:
- Hardware security reviews
- Hardware security analysis applying the below listed methods and covering the highest attack potential (representing CC AVA VAN 5) from chip level to product level (e.g. IoT hardware)
- Attack landscape monitoring services for tested products
Methods applied:
- Fault injection (e.g. laser, EM, glitch)
- Slide channel analysis (e.g. power, EM, timing, single photon emission)
- IR and photo emission imaging
- Micro probing
- Hardware reverse engineering
- Embedded firmware and software analysis
Software
We deliver:
- Software security reviews
- Static Code Analysis (SCA) and reviews related to security features and measures
- Binary Code Analysis (BCA)
- Software reverse engineering
- Fuzzing
- Application security assessment, considering, for example: least privilege assessment, security architecture review and applied system hardening
- Application penetration testing against applications running on (IoT) devices, web servers or local machines
- Mobile app security analysis
IT & Cloud Infrastructure
We offer network assessments such as:
- Enterprise vulnerability assessments – covering network technologies, components and web services
- Penetration testing against IT-networks, cloud platforms or IoT backends
- Advanced penetration testing – such as Red Teaming, tailored for specific industry needs
- Monitoring of specific and critical assets
Crypto Algorithms & Protocols
We offer:
- Cryptanalysis of primitives: symmetric and asymmetric schemes, hash-functions and random number generators
- Cryptanalysis of protocols: basic authentication, privacy and secure communication protocols
Governance, Risk & Compliance (GRC)
Our GRC services cover gap analysis, risk assessment, preparatory audits, compliance projects, training and advisory for all governance, risk and compliance topics related to cybersecurity schemes, processes, standards and regulations such as:
- Industrial Automation and Control Systems (IEC 62443)
- Network security
- ISMS according to the ISO/IEC 27000-series
- Business continuity according to ISO/IEC 22301
- Regulations such as GDPR and the Network and Information Security Directive
- NIST-Framework
- Secure Development Life Cycles (SDLC)
- Cybersecurity Maturity Model Certification (CMMC)