Overview
Our software security practice focuses on identifying security bugs and design flaws across the software development lifecycle. Our holistic approach organically combines strategic, white box (static code analysis), and black box (penetration testing) services. We also help clients with validation, developer training, and the identification of the root causes to prevent vulnerabilities from reemerging. Our services can help protect your devices, including Internet of Things (IoT) devices, smart appliances, hardware, and more; secure applications from vulnerabilities; and protect your transactions across mobile devices, the Internet, or telephone IVR systems.
Experiencing a Breach?
Contact Foundstone emergency response now.
North America/Latin America/Asia: Hacked911@McAfee.com
Europe/Middle East/APAC: Hacked999@McAfee.com
Our Foundstone software security services include:
Application Threat Modeling
Identify security problems before software is built. Uncover design flaws, reduce the overall code review effort, and minimize costly fixes.
Avionics Security Assessment
Our methodology for assessing aircraft is based on our experience performing security assessments on the Boeing 777 and other aircraft, and leverages the Cyber Framework for Avionics.
Embedded Systems Assessment
Secure IoT devices, including smart thermostats, home automation devices, TVs, smart appliances, medical devices, routers, and car ‘infotainment’ systems.
Interactive Voice Response (IVR) Assessment
Secure your IVR systems and the confidential data they process, and identify potential vulnerabilities.
Mobile Application Assessment
Assess applications developed for iOS, Android, Kindle Fire, Windows Mobile, and BlackBerry platforms, with a special emphasis on data storage and protection and application logic bypass.
Secure Source Code Review
Using a combination of automated source code analysis and manual reviews, we identify design flaws and implementation bugs hidden deep in the code base.
Software Security Maturity Assurance Assessment
Evaluate your current software security processes, identify major gaps, and implement a balanced software assurance program.
Thick Client/Binary Application Assessment
Identify vulnerabilities in internal- and external-facing thick client applications, binary applications, DLLs, Citrix-based applications, and kiosks.
Web Application Penetration Testing
We identify vulnerabilities with automated and manual tests, provide remediation steps, and help validate fixes.
Web Services Assessment
Identify vulnerabilities in SOAP-based services and RESTful APIs hosted locally or in the cloud using cloud service providers such as Amazon Web Services (AWS).
Security Insights
Get insights from the experts into emerging threats, trends, countermeasures, and best practices for strengthening your organization’s security posture.
Emergency Response
Has your network been breached? If you’re in the midst of a security crisis, we can help.