Deployment phase

Post-deployment vulnerability assessments and security audits

Why should I concern myself about product security after deployment?

Even the most professionally built and thoroughly tested products may contain unexpected errors at deployment time. Depending on the size of their imagined stake, many "voluntary security testers" will start investigating your product immediately after launch in order to make a profit from exploiting the errors they may find. If they are successful, your product may become a tool in the hand of the bad guys, and can cause damage both to you and to your customers. The possibilities include loss of money, privacy or reputation, leaking confidential data, and unavailability of critical services -- just to mention a few.

What can I do then to avoid or mitigate such damage?

Even if the worst has already happened and your product has been hacked, you still have a few possibilities to reduce further damage. First of all, you need to investigate and learn what exactly happened and - based on the result - you can take protective steps. Even if you have an appropriate emergency response plan in place to handle unexpected events, taking the specific steps still requires input from security experts. The security experts can also help you to learn from the mistakes and to avoid similar issues in the future.

How can SEARCH-LAB help me in this?

We have seen many security weaknesses over the years and successfully helped our clients to correct, avoid, and learn from these weaknesses. Most of the product security vulnerabilities are caused by some form of simple software programming errors. We can help you find your vulnerabilities, fix them and learn from them.

Even if your deployed software would not change, the world around it does. Every year new technologies emerge that may open new possibilities both for attacking and for securing your product. Problems that may not have been explained before could become exploitable in the future through the discovery of new attack techniques. We can also help you keep up with all of the relevant technologies, trends, and scientific background related to your product so you become aware of these changes before they can become a problem for you.