Software Security Services

Strategic and hands-on security consulting from independent experts

Key Benefits

Protect your devices

Keep your devices secure, including Internet of Things (IoT) devices, smart appliances, hardware, and even airplanes.

Protect your applications

Assess vulnerabilities within your ecommerce portals, mobile applications, application programming interfaces (APIs), and web services.

Protect your transactions

Whether across mobile devices, the Internet, or telephone IVR systems, ensure your transactions are secure.

Our Services

Strategic Application Security Services

Application Threat Modeling

Identify detrimental security problems before software is built. Using our Threat Modeling service, we identify design flaws, reduce the overall code review effort to critical components, minimize costly fixes, and enable development teams to build secure software.

Software Security Maturity Assurance (SSMA) Assessment

Evaluate your current software security processes, identify major gaps, implement a balanced software assurance program, and improve your security posture.

Black Box Assessment Services

Web Application Penetration Testing

Many—if not most—vulnerabilities occur in the application layer. We identify vulnerabilities with automated and manual tests, provide remediation steps, and help validate fixes. We offer developer training and transfer of knowledge back to you, so you can empower internal teams.

Embedded Systems

With an increasing number of IoT devices, there is a critical need to protect these systems from attacks. We help secure these devices, including smart thermostats, home automation devices, TVs, smart appliances, medical devices, routers, and car ‘infotainment’ systems.

Mobile Application Assessment

Using a combination of manual and dynamic testing, we perform tests using simulators/emulators as well as rooted/jailed smartphones and tablets. We specialize in assessing applications developed for iOS, Android, Kindle Fire, Windows Mobile, and BlackBerry platforms, with a special emphasis on data storage and protection, as well as application logic bypass.

Web Services Assessment

Identify vulnerabilities in SOAP-based services and RESTful APIs hosted locally or in the cloud using cloud service providers such as Amazon Web Services (AWS).

Thick Client/Binary Application Assessment

Identify vulnerabilities in internal- and external-facing thick client applications, binary applications, DLLs, and Citrix-based applications, as well as kiosks.

White Box Assessment Services

Secure Source Code Review

Using a combination of automated source code analysis and manual reviews, we identify design flaws and implementation bugs hidden deep in the code base. This service provides the most benefit when used in combination with Web Application Penetration Testing and Application Threat Modeling.

Additional Services

Interactive Voice Response (IVR) Assessment

IVR systems often process confidential data such as credit card numbers, Social Security Numbers, user PINs, and other personally identifiable information (PII). This service helps secure your IVR systems and identify potential vulnerabilities.

Avionics Security Assessment

Our methodology for assessing aircraft is based on our experience performing security assessments on the Boeing 777 and other aircraft. Our approach starts with threat modeling of the aircraft and related systems as recommended by the Cyber Framework for Avionics. Focus areas include radio interfaces, cabin and AIMS systems’ data crossover paths, data loaders, in-flight entertainment systems, in-flight Wi-Fi, and other ingress and egress points. Reviews span internal and external threats, and consider other potential threats such as aircraft crew, air traffic controllers, ground technicians, pilots, catering and cleaning, passengers, operations control center, and remote attackers.

Why Foundstone?

Foundstone is a leader in the field of application security. We published the book "Hacking Exposed: Web Applications," and continue to drive thought leadership in the industry with other books such as "How to Break Web Software." We've also released many free tools, including SSLDigger and TesserCap. Foundstone also leads several key projects with OWASP, which has become the de facto reference point for web application security.