Definition of Attacker Model
Attack Surface Analysis (ASA)
Technical Security Audit
Proof of Concept (PoC)
Security Audit Report
For our Software Security Audits, we use a well-defined auditing workflow:
Step 1 - Definition of Attacker Model and Audit Depth: Together with our customers, we define the audit depth, aggressiveness, specific customer requirements and types of attackers that should be considered during the security tests.
Step 2 - Attack Surface Analysis (ASA): In accordance with the defined attacker model, we analyze which parts of the software product can be reached by attackers (attack surface).
Step 3 - Technical Security Audit: This is the main part of the security audit. We typically use a combination of established automated and manual testing techniques to identify security vulnerabilities.
Step 4 - Proof of Concept (PoC): For identified security vulnerabilities, we develop Proof of Concept (PoC) exploits. The PoC exploits demonstrate the identified vulnerabilities, they ensure high reproducibility of our results and they can be utilized for testing purposes during development of subsequent security fixes.
Step 5 - Security Audit Report: In the final step, our customers receive a detailed report that includes a description of the conducted tests, the identified security flaws and suggested security fixes.
Our Analysis Techniques
Communication Protocol Analysis
Static and Dynamic Code Analysis
(Disassembly, Debugging and Decompilation)
Software Reverse Engineering
Source Code Reviews
Manual Code Analysis
Guided Software-in-the-Loop Fuzz Testing with the Trustworks Fuzz Testing Suite
Want to know more ?
Black-Box Security Audit/Penetration Test
In a typical scenario, you have a proprietary software product installed at your site which should be tested for security. For instance, this could be an enterprise software product comprising many client instances, a central server and a database server. In a Black-Box Security Audit we do not have access to the source code of the software product. We are thus used to work with the binary software in the configuration utilized at your site. In on-site security audits we usually work within a test installation of the software product where our security tests cannot interfere with the deployed production system. In off-site security audits we typically get one or more virtual machines where the software product has been set up in the configuration utilized at your site.
We have extensive knowledge, internally developed testing tools and a more than 13 year long experience in Black Box software security testing. To conduct security tests, we analyze the software under test within a product specific security testing environment and leverage established auditing techniques such as static and dynamic code analysis (e.g., disassembly and debugging), fuzz testing, network protocol analysis or reverse engineering to discover vulnerabilities.
White-Box Security Audit and Source Code Review
In a White-Box Security Audit, the customer such as a software manufacturer or an in-house development division provides us with access to the source code of the software product. Depending on the programming language, we utilize established source code review tools and manual code reviews to identify security threats and vulnerabilities within the code.
Communication Protocol Security Audit
Distributed software components such as enterprise products with a client/server architecture often communicate with proprietary communication protocols. Without a deep understanding of how these protocols work during security critical functions such as authentication or the transmission of critical data, potential security vulnerabilities in the protocol could put the entire software infrastructure at stake. For instance, an attacker could thus exploit protocol vulnerabilities to bypass authentication, obtain security critical information such as user credentials or perform Man-in-the-Middle (MitM) attacks.
We combine protocol analysis with software security analysis techniques such as static and dynamic code analysis (e.g., disassembly and debugging), network protocol analysis or reverse engineering approaches to analyze proprietary protocols for security vulnerabilities.
Security Concept Review
You are a software manufacturer or an in-house developer and you plan to include a new security concept into an upcoming product release? We help you address many security challenges through Security Concept Reviews. By following our established software security auditing workflow described in the previous section, we identify potential vulnerabilities and possible solutions for your security design and architecture concept. Our security review will include a detailed analysis of your concept, highlight the concept’s security strengths and weaknesses, provide possible solutions to mitigate the weaknesses and ultimately allow you to increase the security of your upcoming product release at an early state prior to the software implementation.
Security Design & Architecture Consulting
Your software product needs a new security design or the current one should be improved? We bring in our security expertise and experience to help you in developing a solid security design and architecture that fulfills your requirements. We are used to working together with development teams and we understand many of the typical challenges that need to be addressed in large scale software products.