Product Security Evaluation

Product Security Evaluation

Have you ever thought about how your product would stand up against hackers? Or are you interested in how well a product has been developed before buying, using or recommending it? 

Our product security assessment service is designed to help you ascertain how well a product has been developed from a security perspective and the level to which it might stand up to relevant cyber threats.

Whether it's your product, or one you're thinking about buying, using or recommending, we'll attack it like a hacker would, to find any obvious vulnerabilities and likely areas of weakness.

Examples of products we can test:

  • Embedded systems such as routers, printers, storage devices
  • Enterprise VPN solutions,
  • Enterprise mobile applications,
  • Vehicle trackers
  • Mobile and IoT products that have a security implication


Product security testing

This service is designed to deliver the level of assurance for the appropriate threats. It is not a full product assurance process, which can take many weeks (if you do want that, or want to sell to UK Government, look into CPA or CTAS), but a way of achieving a pragmatic measure of assurance in the security of a product.

Each assessment is tailored to the product and to your requirements. We will work with you to determine a suitable scope for the evaluation, taking into account the likely threat to the product and the impact of a breach in security. 

Features of our product security testing service:

  • Hardware teardown
  • Firmware dumping and boot process modification
  • Firmware analysis and firmware update protections
  • Device configuration and storage protection
  • Network protocol testing
  • Bluetooth testing
  • Web server fuzzing and crash analysis
  • Open investigation


Our experience in pen testing hardware products

Our Research team have a real mix of skills and experience, but share a core set of reverse engineering, vulnerability research and software development skills.

Previous customers include global technology vendors, corporate and government organisations.

As we won’t discuss previous customer tasks, here are some examples of what we've found in other commercial products that we investigated for our own research:

Contact us

Pen test your products for IoT security vulnerabilities with our product security testing service. Contact us today to get a sample report.

CREST
CREST STAR
CHECK IT Health Check Service
CBEST
Cyber Essentials
CESG Certified Product
CESG Certified Service
First - Improving Security Together
BSI ISO 9001 FS 581360
BSI ISO 27001 IS 553326
PCI - Approved Scanning Vendor
NCSC CCSC - Assured Service Provider