In view of COVID-19 precautionary measures, we remind you that BreachLock is working at full capacity. Our cyber security services can be easily and safely coordinated using our SaaS platform.
Industry recognitions we have earned
We will examine the firmware to discover vulnerabilities such as a backdoor, buffer overflow, format string vulnerabilities to name a few. We examine firmware upgrade process and boot process to ensure that encryption and upgrade methods are executed in a secure manner.
Hardware device and Internet-of-Things focused penetration testing aims to identify flaws such as: Weak Passwords, Insecure Protocols, Insecure APIs, Insecure Communication Channels, Misconfigurations, authentication by pass vulnerabilities and many more.
Database injection, authentication failure, data leaks, XML exposure to external entities, brute force, access controls, and security misconfiguration are few examples of test cases that we include in our approach. We also test for business logic security flaws in your web applications.
Technical Support is available to assist with our test results. We will work closely with your IT team and partners to ensure that security gaps are identified and provide advice to help you address them. Our SaaS portal facilitates the whole workflow in an easy to manage way.
BreachLock™ provides end to end IoT and Application Security Testing as a Service
Our team will analyze the attack surface of IoT systems and will assess the highest risk interface and communication. We take an adversary perspective and focus on the entry points that matter. Working closely with your team, we’ll create a customized approach covering the entire system and help you identify and mitigate the most critical vulnerabilities.
Our penetration and system analysis testing will cover basic analysis to consider the whole ecosystem of the IoT technology is covered. We will cover every component and analyze its security posture from the hackers perspective. Our testing includes the IoT mobile application, cloud APIs, and hardware devices as well as mobile devices with standard or nonstandard firmware.
We will test the physical security and internal architecture of your hardware to determine the complete attack surface. Our approach may include component identification, firmware exploitation, identification of interfaces, and exploiting the device to bypass security controls, intercept and modify traffic or commands.
We will test communications between various interfaces included ethernet, wifi, and Bluetooth. Our review focuses on the cryptographic strength of your encryption and the possibility to manipulate data in transit. We also fuzz the input to your device or application where possible. We will assess the complete communication pattern and report any security gaps we find backed with screenshots.
Before we begin testing, BreachLock™ along with your company will determine the full scope that will be tested. Clear and open discussion with the customer is integral at this step. All communication is facilitated via our SaaS portal which enforces our methodical approach and promotes collaboration between teams. At this stage, we determine the companies’ infrastructure such as domains, servers, and other IoT devices. We then determine if any should be excluded and why. Once we have a list of all of the devices to be tested we can then define the testing duration.
We begin to attack vulnerabilities and known weak spots with your IoT devices and related web or mobile application. We perform this step with the utmost care in order to protect both the web app and your data. We repeat the penetration process using both manual processes and automated tools. We use many methods such as those prescribed in OWASP methodology. Utilizing our SaaS, we are able to scan your systems in order to find the vulnerabilities that are putting your data at risk. The results of this phase are recorded in PDF and online reports that are made available to you within our SaaS portal.
The BreachLock™ team collects and compiles all of the obtained information and provides the customer with an exhaustive report. We also include comprehensive recommendations to aid business leaders as well as the IT team in order to make logical decisions regarding web application security. We provide a list of each vulnerability, including how we tested and how we recommend resolving the risk. At this stage, we provide specific technical details using which the IT team can act quickly. Our online ticketing system can be used to ask any questions to BreachLock™ security researchers.
After both the business leaders and the IT team are able to read the report and act during the remediation process, we will retest to determine the effectiveness of findings resolution. We will rerun our penetration test on the web application. As a result of the retest, you can download an updated report from within our SaaS portal. This report will either show a clean build or a patched vs not patched status for each finding. If all vulnerabilities are solved we will also issue you a security certificate valid for 12 months.
Penetration testing has become an integral part of an organization’s security strategy in the last few years. It assists an organization in discovering existing vulnerabilities, loopholes, and weaknesses in the existing infrastructure. It is always recommended that penetration tests should be conducted at regular intervals to minimize the chances of a security incident.
Just like penetration testing of microservices, API penetration testing is quite like web application penetration testing. We follow the same approach in API Penetration Testing, however, the type of attacks that are carried out are a bit different but mostly web application flaws fit in it very easily.
Security in SaaS companies is primarily different than other companies due to two different reasons – first, a plethora of organizational and customer data, and second, complex and regularly updated applications. Storage and segregation of data stored with a SaaS company significantly increase the complexity of security.