Product Security Analysis
Whether explicit or not, you have security goals for every computing device and application you use. You have to make sure you understand how well protected, and how resilient your systems are to attack. That means understanding the threats you face and configuring systems appropriately for your environment. So how can you ensure that your solution complies with best practices, standards, and regulations, and shorten time to market and accreditation, while helping to reinforce public and user acceptance?
To help you assess your threat model and evaluate your application or device against that model, we approach your device like an attacker would, finding things a defender might not see. Our time-proven systems and processes help our customers maintain a holistic defense against numerous fast-changing problem areas. Through independent validation, you receive an unbiased assessment of risk and security posture providing what you don’t know – the “unknown unknowns” related to security posture, risk and liability, and regulatory compliance. Using a platform agnostic approach with cross-technology awareness of hidden issues, your product analysis identifies vulnerabilities against agreed-upon security objectives.
- Secure mobile operating system development
- System and architectural security
- Operating system internals
- Network security
- Authentication and authorization technology
- Forensics inspection and analysis
- Exploit development and fuzzing
- Wireless, Bluetooth, and Near Field Communications (NFC) inspection
- DoD Security Technical Implementation Guide (STIG) development and validation
- Black-box, Gray-box, White-box testing
- Reverse engineering
- Security Enhanced Linux (SELinux) and SELinux for AndroidTM
Our security specialists have a broad foundation for understanding the peculiarities of device, software, and protocol inspection from both a defensive and offensive posture. An Owl independent security evaluation provides our customers, and any associated certification or approving authority, a high degree of confidence that their security objectives are being met. Owl’s reputation within the US Government security community provides additional confidence to approving officials in providing justification to authorize operation. Our DIAL evaluations aid in shortening the approval process and provide a level of confidence that, as future threats evolve, every reasonable precaution has been and will be taken to avoid compromise.
Owl created the Device Inspection Analysis Laboratory (DIAL) to perform custom security inspections of wired, wireless, computer processing equipment, network devices and mobile hardware and associated software products, infrastructure and communications equipment, end-user devices, application software, and stand-alone devices.
DIAL is a cost-effective state-of-the-art resource for independent verification and validation (IV&V) of products and systems, including systems composed of multiple hardware and software elements. The primary output from the Owl DIAL team analyses is a vulnerability assessment detailing all observable security strengths and weaknesses identified during testing and analysis. Understanding the potential vulnerabilities enables our customers to mitigate security liabilities and deploy with the confidence that their system is appropriately protected.
DIAL gives you the benefit of commercially available and in-house developed tools from some of the top subject matter experts in the industry providing you with state-of-the-art testing capabilities without having to acquire them yourself. Our primary resources include:
- Cybersecurity professionals with experience in penetration testing, device rooting, exploit development; SELinux policy analysis & development; Android hardening
- Device Inspection Analysis Lab (2G, 3G, 4G and 5G cellular base station, Electronics test & measurement equipment, microscopes, IDA Pro)
- Mobile Forensics tools that can extract data from 1000’s types of devices, including: MSAB XRY and Cellebrite UFED
Owl serves a diverse set of markets – so let us know your business needs and one of our cybersecurity experts will be in touch with you shortly. In order to put you in touch with the right specialist on our team, please provide us with as much information as possible. Talk soon!