Testing phase


Why should I concern myself with product security testing?

It helps you answer the following questions:

- Could there be programming errors or holes in the security of my product?
- How much effort would a malicious user need to put into hacking my product?
- How can I make my protection mechanisms stronger with less effort?
- Is my product safe in real-world applications, interacting with other hardware and software?
- Is my product protected from reverse engineering, or theft of my intellectual property?
- Is the privacy and data of my users protected in my application?

We've seen that even the best security will get hacked over time, so the level of sufficient protection depends on how much effort attackers will put into breaking your product. Knowing the real level of protection will help you stay secure in the long run, without needing to be paranoid.

What can I do to be sure about the security of my product?

There are well-established security testing methods that help you evaluate potential problems systematically. This is best started while specifying your product, by adding security requirements and identifying use, misuse and abuse cases. Based on this, a risk analysis can be carried out, which will greatly help in testing the security of the final product: it gives you a guide to what should be checked and where.

With knowledge of the inner workings of your product, white-box testing can be carried out. In security testing, black-box testing is also often used: the product is tested as-is, through the eyes of potential hackers.

How can SEARCH-LAB help me with security testing?

We have expertise in risk analysis and threat modeling, based on which we can assess your security systematically. We actually built our own methodology to do it right.

We also have further ways to do security testing: we use automated tools to simulate all kinds of possible inputs, even malformed ones, to find problems in the implementation (fuzzing). If you already have a working infrastructure or product, we can provide black-box testing or smoke analysis, finding existing problems even in live systems.