Security Analysis

We have done a number of projects that involve analyzing large software systems for exercised or potential attacks.

Threat analysis

While ideally, security is designed into a system up front that is often not the case. Even if security is a design consideration up front, it is beneficial to have an external review of the system security for critical software systems. Designers are not the best people to test their own designs. They become blind to how things should be done. The system attacker will consciously try to misuse the system.

Network Geographics performs system vulnerability analyses. We perform software reviews, both manual and tool assisted. We also perform operational tests using fuzzing and other automated testing techniques.

We have also worked at the pre-development stage by brainstorming potential attach scenarios. The developers can then work through a system design with a better understanding of the threats in their path.

Forensics

We have leveraged our broad knowledge of architecture, system software, and security to find evidence about how systems are compromised. This involves analyzing logs, intermediate files, and machine code. Our security background means our analysis and reports are well reasoned and supported by evidence that is difficult to deny.