Product Security
VSR's product security offerings focus on the unique security contexts created by appliances, both virtual and physical, and embedded devices. This is an increasingly important area with the advent of the Internet of Things.
Product & Appliance Penetration Test
During a product and appliance penetration test, VSR analyzes an appliance or other product to identify architectural and implementation-related vulnerabilities that apply to the appliance or product as a whole. This assessment may be performed in conjunction with a Penetration Test or Code Review of the customer-developed applications that are deployed with the appliance.
- Operating System hardening is thoroughly examined and vulnerabilities are identified.
- Inter-process communications are analyzed for authentication and authorization vulnerabilities.
- Access control mechanisms are examined for vulnerabilities.
- The design and implementation of software components within the appliance are analyzed and evaluated.
- If applicable, hardware components are reviewed and vulnerabilities identified.
- Vulnerabilities are characterized by their impact and likelihood of exploitation.
- Detailed reproduction steps are provided for each discovered vulnerability.
- A remediation plan is offered for each discovered vulnerability.
Embedded Device Penetration Test
During an embedded device penetration test, VSR holistically examines a customer’s embedded device or product. This assessment may be performed in conjunction with a Code Review of any customer-developed firmware that is part of the device or product.
- Physical vulnerabilities related to form factor are identified and exploited.
- All connectors, jacks and ports are thoroughly examined for vulnerabilities.
- The physical hardware is examined for known vulnerabilities in chipsets and boards.
- Firmware is extracted and reverse-engineered to identify and exploit vulnerabilities.
- All communications protocols are analyzed to identify and exploit vulnerabilities.
- Vulnerabilities are characterized by their impact and likelihood of exploitation.
- Detailed reproduction steps are provided for each discovered vulnerability.
- A remediation plan is offered for each discovered vulnerability.
Product Code Review
During a product code review, VSR thoroughly reviews the firmware code of a customer’s product, from the application level down to the kernel level. This assessment focuses on enforcing secure software development processes and identifying exploitable vulnerabilities.
- VSR performs a detailed analysis of the product’s firmware through a combination of static analysis and manual review.
- Once a vulnerability is discovered, we can definitively determine whether or not it is exploitable based on code context.
- Vulnerabilities are characterized by their impact and likelihood.
- Detailed reproduction steps are provided for each discovered vulnerability.
- A detailed remediation plan that is specific to the context of the product is offered for each discovered vulnerability.
- VSR can communicate directly with the development team to ensure vulnerabilities and their remediation are fully understood.