Device Security Testing
Is my product secure? Are there any vulnerabilities present? Can actor X attack it under threat model Y? If so, how long does it take and what type of resources are required?
Our device security testing services are available to answer these and other questions you may have regarding the security of your product.
We are capable of testing the software and hardware of devices using advanced testing methods under various attack scenarios. Moreover, our specialties include technologies like Trusted Execution Environments (TEEs), Secure Boot and Hardware Fault Injection. We actively pursue these specialties through our training and research.
At Raelize we like to listen carefully to your needs and tailor our services accordingly. We are comfortable and have experience with performing our tests in a black-, grey- or white-box setting. Depending on your needs, our tests can be coverage-driven or focused on just breaking a specific aspect of your product's security.
We define, explore and analyze the attack surface of your product in order to identify the largest amount of vulnerabilities possible in the given time frame.
We can perform Vulnerability Assessments on hardware, source code, binary code or a combination thereof. The results include recommendations for remediation of the identified weaknesses and input for subsequent testing.
We identify and exploit vulnerabilities in both software and hardware in order to determine what an attacker can achieve under a predefined threat model.
We can perform Penetration Tests on an entire device or just a specific piece of software or hardware. Moreover, we are capable of performing both software and hardware attacks.
Secure Code Review
We review your software with a critical eye for detail, with a predefined time frame, in order to identify vulnerabilities and other areas for improvement.
We can perform a Secure Code Review on an entire or partial code base, focused on specific assets or interfaces and include or exclude specific type of attacks (e.g. Fault Injection).
We use our experience and expertise to suggest areas of importance to review and test before your product undertakes a security certification.
We perform Pre-certification to increase the chances for a successful security certification for your product and to shorten its Time-to-Market.