Notification

  Latest launch: DarkMatter Cyber Security Report. Click here to read more

System Security Testing

Testing services within four leading-edge Laboratories with the most advanced tools, frameworks and methodologies

The Cyber environment is constantly evolving and in a ubiquitous manner. Basic security measures and tools no longer guarantee long-term protection against aggressive attacks and sophisticated cyber crime. In today’s unpredictable reality, only those organisations that get ahead of cyber criminals can win the cyber security battle.

To support companies succeed in this, xen1thLabs elite security team provides security testing and vulnerability assessment services as an intrinsic preventive security step. We apply our information security expertise and business acumen to help organisations across the world shape their unique pro-active security strategy. xen1thLabs experts examine companies’ readiness to counteract cyber attacks across all systems and infrastructure, focusing their efforts on enhancing corporate security posture.

STEP-BY-STEP SECURITY ASSESSMENT

Thorough planning and advanced project management tools are what leads a testing process to success. xen1thLabs considers security testing as a multi-stage procedure where an effective execution of each stage defines the general outcome. In additional to our in-depth technical expertise, we apply business thinking and strategic foresight to create an optimal testing model that ensures an uninterrupted business flow.

We divide the testing process into 4 key stages:

  • INTELLIGENCE GATHERING AND ON-SITE INSPECTION

To understand the project scope and define the relevant testing approach, xen1thLabs experts start with an in-depth analysis of the existing security landscape, gather information on a system structure and components, adopted security policies and compliance guidelines. This allows xen1thLabs to understand a one-of-a-kind security stance in your organisation and define the testing vector, as well as gather all relevant information and documentation.

  • ELABORATION OF A TESTING PLAN

xen1thLabs testing team elaborates a detailed testing plan cutting across all components of the System or Device Under Test (SUT / DUT). The plan describes required testing stages, necessary methodologies and tools relevant to a particular testing profile, as well as an estimated schedule of each test.

  • SECURITY TESTING

xen1thLabs elite researchers and consultants, perform in depth security testing of defined software, hardware, mobile or web environment using best-in-breed testing frameworks and techniques, vulnerability feeds, and the latest advancement in equipment to ensure accurate results.

  • REPORTING

We understand that detecting vulnerabilities is only the first step towards an improved security. To introduce real changes and achieve positive improvements, we assist organisations in elaborating and adopting feasible mitigation measures aimed at eliminating security vulnerabilities and restoring corporate cyber resilience.

MULTI-TIER TESTING FOR A HOLISTIC VIEW OF YOUR SECURITY POSTURE

Understanding the complex technical structure of modern organisations, we aim at providing our testing consulting services across different layers. This opens up wide opportunities for our customers who can plan a step-by-step security testing strategy for their entire IT infrastructure.

 

SOFTWARE SECURITY TESTING AND VULNERABILITY ASSESSMENT

Software stays the most attractive target for attackers to obtain privileged rights, reach critical data or even distress an entire system/infrastructure. With your software immunity in mind, xen1thLabs security professionals offer advanced vulnerability assessment services, fuzz testing, code review, binary analysis and more to assess your software from within and evaluate its resistance to potential cyber attacks. True-to-life threat modelling and advanced testing methodologies allow us to detect vulnerabilities across the software stack entirety and provide mitigation recommendations as required.

 

SOFTWARE SECURITY TESTING: OUR PORTFOLIO

xen1thLabs security experts security experts bring together their expertise in System Security Testing to the heart of corporate software and detect vulnerabilities, across a variety of systems, including general purpose systems, embedded systems and SCADA.

We perform a wide set of tests using various testing methodologies:

  • Black-box testing
  • White-box testing
  • Grey-box testing

Partnering with xen1thLabs provides several testing profiles, which are often customised to meet particular security needs.

1. VULNERABILITY ASSESSMENT

Our security testing team will help you reveal, classify and define the most critical software vulnerabilities that can be targeted / exploited and consequently cause severe breaches. xen1thLabs professionals will then provide you with recommendations and apply instant remediation measures to address detected vulnerabilities, thus preventing potential attacks.

2. FUZZ TESTING (FUZZING)

We apply advanced fuzzing techniques to test your software and detect bugs and vulnerabilities that can be exploited by attackers, including Remote Code Execution vulnerabilities, Bypass vulnerabilities, Privilege Escalation vulnerabilities, Information Disclosure vulnerabilities and other types of vulnerabilities.

3. CODE REVIEW

xen1thLabs security experts inspect the source code to find security flaws as well as code mistakes and vulnerabilities exposing your software to potential exploits. We will help you to improve software quality by removing security gaps and implementing proper security controls.

 

DELIVERABLES

At the final stage of software security testing and vulnerability assessment, xen1thLabs delivers a complete set of reports to guide organisations through remediation actions:

  • General description of the testing process, including used methodologies and tools, software or software components that were tested
  • xen1thLabs use their proprietary scoring techniques aligned with the CVSS and OWASP scoring methodologies
  • Detailed technical and executive-level reports on each vulnerability, its risk level and potential scenarios of exploits
  • Recommendations on mitigating identified vulnerabilities, and further assistance in improving your software security

PROACTIVE STEPS TOWARDS STRONGER PROTECTION

Going through software security testing and vulnerability assessment with xen1thLabs, your organisation gets the opportunity to enhance software security and fortify your entire IT environment.

  • Proactive cyber security
    Get a complete visibility of your software vulnerabilities, define the most critical ones and start remediation right on.
  • Compliance under control
    Check up on the current compliance state and fix the identified security gaps with the optimal testing profile. Software security testing also allows early detection and patching of software security holes as essential steps before the official validation.
  • Secured budget
    With software security testing, your organisation can prevent possible financial losses caused by security breaches or data leaks, avoid non-compliance penalties and get insured against business process ruptures during software downtime or full inoperability.

HARDWARE SECURITY TESTING

 

Remove hardware security gaps before attackers exploit them

We explore the invisible side of your cyber security and reveal blind spots in your hardware protection. xen1thLabs services are based on the deep expertise of our specialists in such domains as:

  • SIDE-CHANNEL ANALYSIS
  • FAULT INJECTION AND ANALYSIS
  • CIRCUITRY ANALYSIS
  • CHEMICAL AND ELEMENTAL ANALYSIS
  • SECTIONING AND VISUAL INSPECTION
  • IMAGING
  • HARDWARE REVERSE ENGINEERING
  • CRYPTANALYSIS OF HARDWARE CRYPTO MODULES

Our hardware security knowledge, coupled with technical skills and best-in-class equipment, lets us discover a vast spectrum of security gaps, as well as manufacturing defects or misconfigurations that can be leveraged by attackers to exploit a system.

 

DISCOVER THE INVISIBLE SIDE OF YOUR CYBER SECURITY

xen1thLabs researchers equipped with the latest technological innovations, are able to conduct thorough investigation of hardware security at the overall system level as well as the low component level, reveal hidden threats and offer the most suitable remediation implementations.

Our expertise and technical knowledge allow us to offer a broad portfolio that includes miscellaneous security consulting services.

TO GET A COMPREHENSIVE PICTURE OF YOUR HARDWARE SECURITY, WE USE

  • SCANNING ELECTRON 
  • FOCUSED ION BEAMS
  • ENERGY DISPERSIVE X-RAY SPECTROSCOPY
  • MICROPROBING
  • ATOMIC FORCE MICROSCOPY
  • X-RAY TOMOGRAPHY
- SIDE-CHANNEL ANALYSIS

xen1thLabs professionals apply unique expertise and cryptanalysis knowledge to detect weaknesses in hardware cryptographic systems and algorithms / protocols deployed within. This allows to prevent attackers from weakening corporate security solutions, bypassing or completely ruining activated security controls. We aim at creating shellproof protection of hardware-backend cryptographic systems and long-term immunity of secret keys. Additionally, xen1thLabs experts assess the effectiveness of the implemented countermeasures and offer corrective actions if countermeasures work inappropriately.

While carrying out Side-Channel Analysis, xen1thLabs testing professionals perform various types of side-channel attacks:

  • Simple Power Analysis (SPA)

  • Differential Power Analysis (DPA)

  • Differential Electromagnetic Analysis (DEMA)

  • Template Attacks

  • Timing Analysis

- FAULT INJECTION AND FAULT ANALYSIS

xen1thLabs hardware security team performs fault injection and fault analysis, which allows us to compare algorithm results under regular and abnormal conditions, as well as skipping defined operations, which is a powerful tool to compromise a system. Xen1thLabs is using cutting edge equipment that allows various types of fault injection methods:

  • Voltage glitching
  • Clock glitching
  • Electromagnetic fault injection
  • Laser Fault injection
- HARDWARE REVERSE ENGINEERING

xen1thLabs professionals have built up their expertise in hardware reverse engineering.

Our capabilities apply to the following:

  • Systems analysis

  • Prototyping

  • Reverse engineering of printed circuit boards, integrated circuits/smart cards, embedded components

    • PRODUCT TEARDOWN
    • COMPONENT IDENTIFICATION
    • PCB REVERSE ENGINEERING
    • INSPECTION OF BUSES AND INTERFACES
    • SIGNAL MONITORING AND LOGIC ANALYSIS
    • MEMORY AND FIRMWARE ANALYSIS
    • PARAMETRIC MEASUREMENTS
- CIRCUITRY ANALYSIS

Our specialists inspect all the elements used to build circuits and explore their behaviour when they get connected into a circuit. This allows us to evaluate the accuracy of a circuit, define currents and voltages in a network, detect fixed and variable inputs and outputs, and open conductor lines.

 

DELIVERABLES

The availability of high-quality equipment and the most advanced testing methodologies allows xen1thLabs to provide a set of high-quality and comprehensive reports revealing the state of hardware security. Relying on test results, our team elaborates individual approaches to fortify hardware security and make it inaccessible for attackers regardless of how aggressive their attack methods are.

At the end of the testing process, our customers get:

  • A detailed report on hardware security testing
  • A list of feasible actions to mitigate detected hardware vulnerabilities

 

HARDWARE PROTECTION GUARANTEES YOUR CORPORATE IMMUNITY

Hardware security is an essential component of your organisation’s overall protection, which ensures sensitive data protection and business stability. Attending to your hardware protection, you also ensure:

  • Hardware environments void of defects
  • Error-free performance of your network devices and components
  • Improved hardware crypto protection through advanced cryptanalysis capabilities
  • Resistance to unexpected faults and side-channel attacks

 

TELECOMMUNICATION AND MOBILE SECURITY TESTING AND VULNERABILITY ASSESSMENT

 

While mobility helps businesses to erase boundaries and open up new opportunities, mobile devices become an easy target for attackers to compromise your business stability and access sensitive data. Entrusting your mobile security to xen1thLabs, you can be sure no vulnerabilities will be overlooked. We approach every system individually, taking into consideration its functional peculiarities and adaptability to security requirements, as well as reveal security flaws and offer suitable measures to eliminate them. We also provide telecom network and protocols security testing consulting services.

Mobile forecasts predict the number of smart phone and embedded system users to exceed 6 billion globally by 2020. This boost of mobile technologies that erases communication boundaries and offers the overall data availability has its downside, though. Transparent connections and massive data flows make mobile and embedded devices an attractive target for cyber criminals. What’s even worse, coming to the business reality, mobile technologies increase cyber risks substantially. Taking advantage of overlooked mobile vulnerabilities, attackers can steal sensitive data, damage corporate reputation and ruin customers’ loyalty.

xen1thLabs team of cyber security experts have built an extensive expertise in information security, System Security Testing and mobile technologies. We consider mobile security as an essential component of your business immunity. Our world-class experts apply top-notch solutions to mitigate mobile security threats across the whole software and hardware stack, covering microcode, kernel, operating system and user space. We are ready to address your mobile security challenges of any complexity, across any platform, and fortify your mobile environment using leading security practices.

xen1thLabs also specialises in evaluation and testing of various Wireless protocols (4G, 3G, 2G, WiFi, IP Layers).

 

HIGH-QUALITY MOBILE SECURITY TESTING

By getting the 360° view of your mobile environment, xen1thLabs experts aim at fortifying your corporate mobile security and aligning it with the international standards.

OUR MOBILE TESTING CONSULTING INCLUDE:
IN-DEPTH RECONNAISSANCE

This combines a thorough analysis of your business specifics and a detailed investigation of your mobile solution architecture, backend services and enabled security controls. At this stage, our experts are able to draw up an effective step-by-step testing plan that perfectly matches your mobile ecosystem.

  • Source code review and static analysis services:
    xen1thLabs provides source code review and static analysis services to discover injection flaws, detect backdoors, hard coded passwords and keys, as well as weak algorithms or platform-specific issues.


  • Reverse engineering:
    xen1thLabs performs reverse engineering of mobile hardware (integrated circuits/smart cards, embedded components) and software (dynamic analysis capabilities).

  • Performance testing services:
    xen1thLabs fulfils performance (stress) testing consulting to measure the efficiency of a software or hardware product in terms of speed, energy consumption, effectiveness, load tolerance, traffic analysis, scalability and other parameters under the full range of operational loads and conditions.

  • Advanced forensic testing, including timeline analysis and file system analysis

REMEDIATION PLAN

xen1thLabs mission is to help organisations take feasible countermeasures to prevent vulnerability exploitation and protect sensitive data. With this intention, we provide our customers with a comprehensive remediation plan that describes how to fix identified vulnerabilities and enhance mobile system security.

INSPECTION OF MOBILE DEVICES

Sleek connection and secure operability of mobile devices is another critical factor of your mobile protection. xen1thLabs watches carefully over your enabled antiviruses, antimalware and encryption technologies, so that mobile users could be sure their communication is protected against intrusions and their data can’t be intercepted.

WIRELESS PROTOCOLS TESTING CAPABILITIES

xen1thLabs experts have the capability to test 4G, 3G, 2G, WiFi, IPSec and other IP layers including:

  • Testing of a product/system for compliance against the relevant protocols claimed in the Security Assurance Specification. 

  • Testing of security dimensions to meet the established security requirements:

    • ACCESS CONTROL
    • AUTHENTICATION
    • NON-REPUDIATION
    • DATA CONFIDENTIALITY
    • COMMUNICATION SECURITY
    • DATA INTEGRITY
    • AVAILABILITY
    • PRIVACY

ADDRESS MOBILE SECURITY WITH BEST-OF-BREED TOOLS AND METHODOLOGIES

An extensive experience in system security testing and diverse areas of cyber security, including software and hardware testing, cryptanalysis and security research let our experts find an optimal approach to each particular mobile device and detect vulnerabilities that can lead to data leaks and security breaches. Focusing on your mobile security, we provide end-to-end mobile security testing and vulnerability assessment across all platforms and devices.

iOS
  • Objective C
  • CoCoa
  • Swift
Android
  • Java
Windows Phone
  • XAML
  • C#
  • Visual Basic
Blackberry
  • C/C++
  • Java
  • Actionscript/Air
Mobile Web and Hybrid Apps
Scripting Languages
  • CSS3
  • Javascript
  • HTML5
  • Python
  • Ruby
Develop Tools
  • Phonegap
  • Cordova
  • Sencha
  • Xamarin

 

DELIVERABLES

As a part of the mobile security testing and vulnerability assessment service kit, xen1thLabs security specialists provide organisations and business owners with applicable guidance on how to remove identified blind spots in mobile security. To help you make further security steps, we provide:

  • All-inclusive overview of the mobile environment
  • A mobile security testing report that includes all identified vulnerabilities, their detailed description and assessment
  • A hands-on remediation guidance with detailed recommendations on how to fix vulnerabilities and close security gaps
  • A proprietary suite of secure mobile applications that will help you strengthen your mobile systems, improve protection of data in transit and at rest

 

PROTECTED MOBILITY AS YOUR BUSINESS DRIVER

Attending to your mobile security, our security team aspire to create additional incentives for your business growth along with eliminating mobile security risks, thanks to:

  • Immunised mobile environment that is resistant to cyber-intrusions
  • Secured and stable mobile devices and solutions
  • Reliable mobile connectivity resting on recognised security mechanisms
  • Proper internal mobile security policies aligned with globally established security regulations
  • Solid data protection

 

Resources